db-derby-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vemund Ostgaard <Vemund.Ostga...@Sun.COM>
Subject Optional permissions in policy files
Date Tue, 26 Feb 2008 14:09:20 GMT
Based on Dans suggestions to fix an issue with my patch for DERBY-3445, 
I read up a bit more on policy files and discovered a feature that can 
be used to make parts of the policy file optional. Since I didn't know 
about this feature myself, I thought I'd share it with the community, as 
I think it could be useful if you are trying to figure out how to get a 
test to run with the security manager.

I found the following details on property expansion in policy files 
here: 
http://java.sun.com/j2se/1.4.2/docs/guide/security/PolicyFiles.html#PropertyExp 


---
Also note: If a property can't be expanded in a grant entry, permission 
entry, or keystore entry, that entry is ignored. For example, if the 
system property "foo" is not defined and you have:

    grant codeBase "${foo}" {
      permission ...;
      permission ...;
    };

then all the permissions in this grant entry are ignored. If you have

    grant {
      permission Foo "${foo}";
      permission Bar;
    };

then only the "permission Foo..." entry is ignored. And finally, if you 
have

    keystore "${foo}";

then the keystore entry is ignored.
---

So, if you have some permission you want to be used only in special 
circumstances, it can be controlled for instance by using a property 
that is either not set (disabled) or set to an empty string (enabled). 
Adding this property to some part of the permissions you want to be 
optional means that these permissions are enabled when the property is 
set and ignored if the property is not set. Since the property is just 
set to an empty string, the permission itself is not affected in any way 
by the property.

Vemund

Daniel John Debrunner (JIRA) wrote:
>     [ https://issues.apache.org/jira/browse/DERBY-3445?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12572140#action_12572140
] 
>
> Daniel John Debrunner commented on DERBY-3445:
> ----------------------------------------------
>
> It's a concern that permissions are always granted to derby.jar, even though they are
only needed if performing code coverage with EMMA.
> This creates an opportunity where Derby code could unknowingly start to depend on those
permissions.
>
> These permissions are as follows, are they needed for all code in the stack, or just
a subset?
>
> +    // These permissions are needed when testing code instrumented with EMMA.
> +    permission java.util.PropertyPermission "user.dir", "read";
> +    permission java.io.FilePermission "${user.dir}${/}coverage.ec", "read";
> +    permission java.lang.RuntimePermission "writeFileDescriptor";
>
> A work-around may be to add separate sections in the policy file, e.g. if these permissions
are only needed for a subset of jars then:
>
>  grant codebase "${emmaActive}/derby.jar" {
>    permission java.util.PropertyPermission "user.dir", "read";
>    permission java.io.FilePermission "${user.dir}${/}coverage.ec", "read";
>    permission java.lang.RuntimePermission "writeFileDescriptor";
> };
>
> then emmaActive is only set when running code coverage with EMMA. It possible a similar
trick could be done if they are needed for all code,
> something that resolves to:
>  grant  {
>    permission java.util.PropertyPermission "user.dir", "read";
>    permission java.io.FilePermission "${user.dir}${/}coverage.ec", "read";
>    permission java.lang.RuntimePermission "writeFileDescriptor";
> };
>
> if and only if some emma property is set


Mime
View raw message