> On 6 May 2019, at 23:55, Martin Buchholz <marti...@google.com> wrote: > > > > On Thu, May 2, 2019 at 2:28 AM Daniel Fuchs <daniel.fu...@oracle.com > <mailto:daniel.fu...@oracle.com>> wrote: > > 1. IPSupport needs to read system properties, attempts > to bind sockets etc... I wonder how that might interact > with tests that use a security manager, as some of these > operations may throw a SecurityException. > Maybe some double checking would be in order for those. > > Reading system properties is such a common operation that test library code > should simply rely on the security manager allowing it. Yes, it is sometimes > useful to have a DraconianSecurityManager in a test, including one that > disallows System.getProperty (I've written such a test myself!) but then the > use of that security manager should be scoped to a limited operation that > includes no test library code, as in > > /** > * Runs Runnable r with a security policy that permits precisely > * the specified permissions. If there is no current security > * manager, a temporary one is set for the duration of the > * Runnable. We require that any security manager permit > * getPolicy/setPolicy. > */ > public void runWithSecurityManagerWithPermissions(Runnable r, > Permission... > permissions) { > > The same argument might apply to socket operations as well.
Right. It applies to socket operations also. While I don't disagree with Martin, and it is a little cumbersome to use test library code in combination with a security manager and a fine-grained policy set in the jtreg @run tag, it should still work. For example, the use of jdk.test.lib.net.SimpleSSlContext in one of the HTTP Client tests [1] [2] [3]. It is almost trivial to add the appropriate privileged blocks to IPSupport. http://cr.openjdk.java.net/~chegar/8220673/webrev.01_draft/test/lib/jdk/test/lib/net/IPSupport.java.html We should just to it while here to avoid any small / trivial tests that may want to set a security manager using jtreg's support, from even considering writing their own version of IPSupport. -Chris. [1] https://hg.openjdk.java.net/jdk/jdk/file/1dc9bf9d016b/test/jdk/java/net/httpclient/AsFileDownloadTest.java#l40 [2] https://hg.openjdk.java.net/jdk/jdk/file/1dc9bf9d016b/test/jdk/java/net/httpclient/AsFileDownloadTest.policy#l24 [3] https://hg.openjdk.java.net/jdk/jdk/file/1dc9bf9d016b/test/lib/jdk/test/lib/net/SimpleSSLContext.java#l54
