Java Security implemented

Submitted by epr on Sun, 03/14/2004 - 09:59.

Java Security has been implemented and enabled in the CVS HEAD branch. Click here for the documentation.

If you find any AccessControlException which are not supposed to happen, think if you really need these permissions and if so, see the documentation mentioned above for information on how to give permissions to your plugin.

Additional permission checks will be added soon to protect the internals of JNode and the driver architecture. E.g. accessing device's will be guarded soon, to ensure that only the appropriate layer has access to it.

Be careful with giving permissions, because too much permissions undermine to whole concept of security!

‹ Dynamic plugin (re)loading .... Now with dependency loading buffer for keyboard ? ›

Problem with 2 way calls: programlibrary ?

Submitted by Fabien D on Sat, 04/17/2004 - 17:09.

My program have these rights:
java.util.PropertyPermission" name="user.home" actions="read" implied by use of JUnit
java.io.FilePermission" name="/junit.properties" actions="read" implied by use of JUnit
java.io.FilePermission" name="/jnode/*" actions="read,write"

The library (JUnit) have these rights:
java.util.PropertyPermission" name="user.home" actions="read"
java.io.FilePermission" name="/junit.properties" actions="read"

The problem is : the class TestCase (from JUnit) do an invoke on a class (of my program) that inherits from TestCase.
So, JUnit also need the permission :
java.io.FilePermission" name="/jnode/*" actions="read,write"

Conclusion : These kind of library can't have less rights than its user.
If there are many different users, the library need to have the sum of all the rights of its users !
I think it's a problem. What is the solution ?

Create a priviledged action

Submitted by admin on Sat, 04/17/2004 - 17:22.

In your test method create a priviledged action and run it via
AccessControl.doPriviledged(..)
Ewout

FilePermission: implicit access to subdirectories ?

Submitted by Fabien D on Sat, 04/17/2004 - 15:03.

I have found by running JUnit, that it can't read its own property file.
Here is the exception I had:
java.io.FilePermission: /junit.properties read not granted due to junit.runner.BaseTestRunner

Here is what the SUN spec say about FilePermission :
And finally, note that code always automatically has permission to read files from its same (URL) location, and subdirectories of that location; it does not need explicit permission to do so.

So, I had to give EXPLICIT permission.

Probably a bug

Submitted by admin on Sun, 04/18/2004 - 17:40.

This is probably a bug, because i've not actively programmed that behaviour.
I've been able to run tests without this exception.
Please specify what you've done.

Ewout

Not so sure it's a bug

Submitted by markhale on Sun, 04/18/2004 - 23:51.

I'm sure this behaviour is also present in the Sun implementation.

I added permission step by step

Submitted by Fabien D on Sun, 04/18/2004 - 18:01.

When I tried to run JUnit under JNode, I wasn't aware about security and permission.

So, I used it and, after each security exception, I added the needed permission.

After things are working, I saw the SUN spec and found this bug.

I've noticed that as well

Submitted by markhale on Sat, 04/17/2004 - 22:54.

I've noticed that as well. I think the default file permissions are only defaults, and the presence of any policy overrides them....I think.