Arthur,
On 07/05/2019 19:35, Arthur Eubanks wrote:
...
With help from Chris's references ([1]), I added a test with a policy
file that grants IPSupport permission to listen/resolve localhost:0, and
read the java.net.preferIPv4Stack system property. Without either
permission, the test fails as expected.
One thing I discovered is that to make the policy file work properly
with the jtreg directory structure, I needed to add "@build
jdk.test.lib.net.IPSupport" to the test. So any test that wants to use
IPSupport and security managers needs to have that extra line and make
sure that its policy file contains all the permissions as in the new
test policy I added.
That is ok.
Without "@build jdk.test.lib.net.IPSupport", the policy file would need
grant codeBase "file:${test.classes}/-"
With "@build jdk.test.lib.net.IPSupport", the policy file needs grant
codeBase "file:${test.classes}/../../../../test/lib/-"
Right, the difference comes from how jtreg builds its dependencies. The
former is an example of when a library is used conveniently with just
the @library tag, the library is automatically compiled into the
specific test's classes directory. The latter is when the library is
explicitly compiled with an @build, and gets put into a shared library
output directory, so that other tests ( that also specify an @build with
that library name ) can use the pre-built classes.
This matches [1], and seems more restrictive (only applies to test
library code) and better.
New webrev: http://cr.openjdk.java.net/~aeubanks/8220673/webrev.03/
I am happy with this latest version. Reviewed.
Trivially, maybe rename B8220673.java to something more descriptive
( without the bug no. ). Maybe MinimumPermissions? or whatever,
no need for a new webrev.
-Chris.
P.S. adding nio-dev since there are a few tests in that area
being updated.
[1]:
https://hg.openjdk.java.net/jdk/jdk/file/1dc9bf9d016b/test/jdk/java/net/httpclient/AsFileDownloadTest.policy#l24