From 64715a189fe19e8a25bb8757591e3ef60f3f9aa8 Mon Sep 17 00:00:00 2001 From: Alex Jitianu Date: Tue, 3 Dec 2019 09:21:13 +0000 Subject: FS: Don't use innocuous threads for CompletableFuture The default threads from the ForkJoinPool run without any privileges when a SecurityManager is installed, leading to SecurityExceptions when trying to create the probe file even if the application otherwise has write privileges in the directory. Use a dedicated ThreadPoolExecutor using daemon threads instead. Bug: 551690 Change-Id: Id5376f09f0d7da5ceea367e1f0dfc70f823d62d3 Signed-off-by: Alex Jitianu Signed-off-by: Thomas Wolf --- .../api/SecurityManagerMissingPermissionsTest.java | 132 +++++++++++++++++++++ 1 file changed, 132 insertions(+) create mode 100644 org.eclipse.jgit.test/tst/org/eclipse/jgit/api/SecurityManagerMissingPermissionsTest.java (limited to 'org.eclipse.jgit.test/tst/org') diff --git a/org.eclipse.jgit.test/tst/org/eclipse/jgit/api/SecurityManagerMissingPermissionsTest.java b/org.eclipse.jgit.test/tst/org/eclipse/jgit/api/SecurityManagerMissingPermissionsTest.java new file mode 100644 index 0000000000..a07f37009e --- /dev/null +++ b/org.eclipse.jgit.test/tst/org/eclipse/jgit/api/SecurityManagerMissingPermissionsTest.java @@ -0,0 +1,132 @@ +/* + * Copyright (c) 2019 Alex Jitianu and others + * + * This program and the accompanying materials are made available under the + * terms of the Eclipse Distribution License v. 1.0 which is available at + * https://www.eclipse.org/org/documents/edl-v10.php. + * + * SPDX-License-Identifier: BSD-3-Clause + */ +package org.eclipse.jgit.api; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; + +import java.io.File; +import java.io.IOException; +import java.io.StringWriter; +import java.nio.file.Files; +import java.nio.file.Path; +import java.security.Policy; +import java.util.Collections; + +import org.apache.log4j.Logger; +import org.apache.log4j.PatternLayout; +import org.apache.log4j.WriterAppender; +import org.eclipse.jgit.junit.RepositoryTestCase; +import org.eclipse.jgit.util.FileUtils; +import org.junit.After; +import org.junit.Before; +import org.junit.Test; + +/** + * Tests that using a SecurityManager does not result in errors logged. + */ +public class SecurityManagerMissingPermissionsTest extends RepositoryTestCase { + + /** + * Collects all logging sent to the logging system. + */ + private final StringWriter errorOutputWriter = new StringWriter(); + + /** + * Appender to intercept all logging sent to the logging system. + */ + private WriterAppender appender; + + private SecurityManager originalSecurityManager; + + @Override + @Before + public void setUp() throws Exception { + originalSecurityManager = System.getSecurityManager(); + + appender = new WriterAppender( + new PatternLayout(PatternLayout.TTCC_CONVERSION_PATTERN), + errorOutputWriter); + + Logger.getRootLogger().addAppender(appender); + + refreshPolicyAllPermission(Policy.getPolicy()); + System.setSecurityManager(new SecurityManager()); + super.setUp(); + } + + /** + * If a SecurityManager is active a lot of {@link java.io.FilePermission} + * errors are thrown and logged while initializing a repository. + * + * @throws Exception + */ + @Test + public void testCreateNewRepos_MissingPermissions() throws Exception { + File wcTree = new File(getTemporaryDirectory(), + "CreateNewRepositoryTest_testCreateNewRepos"); + + File marker = new File(getTemporaryDirectory(), "marker"); + Files.write(marker.toPath(), Collections.singletonList("Can write")); + assertTrue("Can write in test directory", marker.isFile()); + FileUtils.delete(marker); + assertFalse("Can delete in test direcory", marker.exists()); + + Git git = Git.init().setBare(false) + .setDirectory(new File(wcTree.getAbsolutePath())).call(); + + addRepoToClose(git.getRepository()); + + assertEquals("", errorOutputWriter.toString()); + } + + @Override + @After + public void tearDown() throws Exception { + System.setSecurityManager(originalSecurityManager); + Logger.getRootLogger().removeAppender(appender); + super.tearDown(); + } + + /** + * Refresh the Java Security Policy. + * + * @param policy + * the policy object + * + * @throws IOException + * if the temporary file that contains the policy could not be + * created + */ + private static void refreshPolicyAllPermission(Policy policy) + throws IOException { + // Starting with an all permissions policy. + String policyString = "grant { permission java.security.AllPermission; };"; + + // Do not use TemporaryFilesFactory, it will create a dependency cycle + Path policyFile = Files.createTempFile("testpolicy", ".txt"); + + try { + Files.write(policyFile, Collections.singletonList(policyString)); + System.setProperty("java.security.policy", + policyFile.toUri().toURL().toString()); + policy.refresh(); + } finally { + try { + Files.delete(policyFile); + } catch (IOException e) { + // Do not log; the test tests for no logging having occurred + e.printStackTrace(); + } + } + } + +} -- cgit v1.2.3