// // Licensed to the Apache Software Foundation (ASF) under one or more // contributor license agreements. See the NOTICE file distributed with // this work for additional information regarding copyright ownership. // The ASF licenses this file to You under the Apache License, Version 2.0 // (the "License"); you may not use this file except in compliance with // the License. You may obtain a copy of the License at // // http://www.apache.org/licenses/LICENSE-2.0 // // Unless required by applicable law or agreed to in writing, software // distributed under the License is distributed on an "AS IS" BASIS, // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. // See the License for the specific language governing permissions and // limitations under the License. // // Policy file with minimal set of permissions to run unit test for // Derby System Privileges (DERBY-2109). // // The test harness sets up four variables used by this policy file // // derbyTesting.codejar - URL to the jar files when they are in the classpath // derbyTesting.codeclasses - URL to the classes directory when it is in the classpath // // Only one of derbyTesting.codejar and derbyTesting.codeclasses will be valid, the // other will be set to a bogus URL like file://unused // // derbyTesting.codedir - File location of either derbyTesting.codejar or derbyTesting.codeclasses. // Only required due to a BUG (see below for more info). // // derbyTesting.jaxpjar - URL to the jar file containing the JAXP implementation // for XML-based tests (ex. lang/XMLBindingTest.java). // // derbyTesting.serverhost - Host name or ip where network server is started // derbyTesting.clienthost - specifies the clients ip address/hostName. // when testing with networkserver on a remote host, this needs to be passed in // with the NetworkServerControl start command // PLEASE NOTE WHEN EDITING: This policy file is almost identical to // SystemPrivilegesPermissionTest.policy // except for the SystemPrincipal authorization grants. The duplicity of // information cannot be avoided unless there's an automated generation of // policy files as proposed by DERBY-3547 (or a policy include mechanism). // // Permissions for the tests (derbyTesting.jar) // grant codeBase "${derbyTesting.testjar}derbyTesting.jar" { // Allow tests to install and uninstall the security manager and // to refresh the policy permission java.util.PropertyPermission "java.security.policy", "read,write"; permission java.lang.RuntimePermission "setSecurityManager"; permission java.security.SecurityPermission "getPolicy"; // Allow setIO to change the system err and out streams //permission java.lang.RuntimePermission "setIO"; // derbyTesting.junit.TestConfiguration... modifies System properties permission java.util.PropertyPermission "*", "read,write"; // System Privileges test needs to run "doAsPrivileged" permission javax.security.auth.AuthPermission "doAsPrivileged"; }; // // Permissions for the embedded engine (derby.jar) // grant codeBase "${derbyTesting.codejar}derby.jar" { // System Privileges framework needs to run "doAsPrivileged" //permission javax.security.auth.AuthPermission "doAsPrivileged"; // System Privileges framework needs to resolve relative directory names, // which requires a property-read permission permission java.util.PropertyPermission "user.dir", "read"; // System Privileges framework needs to canonicalize directory names, // which requires file-read permission // Because this unit test involves some relative and absolute sample paths, // we liberally grant read access to all files. permission java.io.FilePermission "<>", "read"; // getProtectionDomain is an optional permission needed for printing classpath // information to derby.log permission java.lang.RuntimePermission "getProtectionDomain"; }; // // Permissions for running the test on the class files // grant codeBase "${derbyTesting.codeclasses}" { // Allow tests to install and uninstall the security manager and // to refresh the policy permission java.util.PropertyPermission "java.security.policy", "read,write"; permission java.lang.RuntimePermission "setSecurityManager"; permission java.security.SecurityPermission "getPolicy"; // Allow setIO to change the system err and out streams //permission java.lang.RuntimePermission "setIO"; // derbyTesting.junit.TestConfiguration... modifies System properties permission java.util.PropertyPermission "*", "read,write"; // System Privileges test needs to run "doAsPrivileged" permission javax.security.auth.AuthPermission "doAsPrivileged"; // System Privileges framework needs to run "doAsPrivileged" //permission javax.security.auth.AuthPermission "doAsPrivileged"; // System Privileges framework needs to resolve relative directory names, // which requires a property-read permission permission java.util.PropertyPermission "user.dir", "read"; // System Privileges framework needs to canonicalize directory names, // which requires file-read permission // Because this unit test involves some relative and absolute sample paths, // we liberally grant read access to all files. permission java.io.FilePermission "<>", "read"; }; // JUnit jar file tries to read junit.properties in the user's // home directory and seems to require permission to read the // property user.home as well. // junit.swingui.TestRunner writes to .junitsession on exit. grant codeBase "${derbyTesting.junit}" { permission java.util.PropertyPermission "user.home", "read"; permission java.io.FilePermission "${user.home}${/}junit.properties", "read"; permission java.io.FilePermission "${user.home}${/}.junitsession", "write"; // This permission is needed when running the tests using ant 1.7 permission java.io.FilePermission "${user.dir}${/}*", "write"; }; // Ant's junit runner requires setOut to redirect the System output streams // to the forked JVM used when running junit tests inside Ant. Ant requires // forking the JVM if you want to run tests in a different directory than the // current one. grant codeBase "${derbyTesting.antjunit}" { permission java.lang.RuntimePermission "setIO"; // This permission is needed when running the tests using ant 1.7 permission java.io.FilePermission "${user.dir}${/}*", "write"; };