JavaIoObjectInputStreamTest.java revision 89c1feb0a69a7707b271086e749975b3f7acacf7
1/* 2 * Copyright (C) 2007 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package tests.security.permissions; 18 19import dalvik.annotation.TestInfo; 20import dalvik.annotation.TestLevel; 21import dalvik.annotation.TestTarget; 22import dalvik.annotation.TestTargetClass; 23 24import junit.framework.TestCase; 25 26import java.io.File; 27import java.io.FileInputStream; 28import java.io.IOException; 29import java.io.InputStream; 30import java.io.NotActiveException; 31import java.io.ObjectInputStream; 32import java.io.SerializablePermission; 33import java.io.StreamCorruptedException; 34import java.security.Permission; 35 36/* 37 * This class tests the secrity permissions which are documented in 38 * http://java.sun.com/j2se/1.5.0/docs/guide/security/permissions.html#PermsAndMethods 39 * for classes 40 * java.io.ObjectInputStream 41 * java.io.ObjectOutputStream 42 */ 43@TestTargetClass(SecurityManager.class) 44public class JavaIoObjectInputStreamTest extends TestCase { 45 46 SecurityManager old; 47 48 @Override 49 protected void setUp() throws Exception { 50 old = System.getSecurityManager(); 51 super.setUp(); 52 } 53 54 @Override 55 protected void tearDown() throws Exception { 56 System.setSecurityManager(old); 57 super.tearDown(); 58 } 59 60 @TestInfo( 61 level = TestLevel.PARTIAL, 62 purpose = "Verifies that ObjectInputStream.enableResolveObject method " + 63 "calls checkPermission of security manager.", 64 targets = { 65 @TestTarget( 66 methodName = "checkPermission", 67 methodArgs = {java.security.Permission.class} 68 ) 69 }) 70 public void test_ObjectInputStream() throws IOException { 71 class TestSecurityManager extends SecurityManager { 72 boolean called; 73 Permission permission; 74 void reset(){ 75 called = false; 76 permission = null; 77 } 78 @Override 79 public void checkPermission(Permission permission){ 80 if(permission instanceof SerializablePermission){ 81 called = true; 82 this.permission = permission; 83 } 84 super.checkPermission(permission); 85 } 86 } 87 88 // TestObjectInputStream is necessary in order to call enableResolveObject 89 class TestObjectInputStream extends ObjectInputStream { 90 TestObjectInputStream(InputStream s) throws StreamCorruptedException, IOException { 91 super(s); 92 } 93 @Override 94 public boolean enableResolveObject(boolean enable) throws SecurityException { 95 return super.enableResolveObject(enable); 96 } 97 } 98 99 long id = new java.util.Date().getTime(); 100 String filename = "SecurityPermissionsTest_"+id; 101 File f = File.createTempFile(filename, null); 102 f.deleteOnExit(); 103 104 TestObjectInputStream ois = new TestObjectInputStream(new FileInputStream(f)); 105 106 TestSecurityManager s = new TestSecurityManager(); 107 System.setSecurityManager(s); 108 109 s.reset(); 110 ois.enableResolveObject(true); 111 assertTrue("ObjectInputStream.enableResolveObject(boolean) must call checkPermission on security manager", s.called); 112 assertEquals("Name of SerializablePermission is not correct", "enableSubstitution", s.permission.getName()); 113 } 114 115 @TestInfo( 116 level = TestLevel.PARTIAL, 117 purpose = "Verifies that ObjectInputStream constructor calls " + 118 "checkPermission method of security manager.", 119 targets = { 120 @TestTarget( 121 methodName = "checkPermission", 122 methodArgs = {java.security.Permission.class} 123 ) 124 }) 125 public void test_ObjectInputOutputStream() throws IOException { 126 class TestSecurityManager extends SecurityManager { 127 boolean called; 128 Permission permission; 129 void reset(){ 130 called = false; 131 permission = null; 132 } 133 @Override 134 public void checkPermission(Permission permission){ 135 if(permission instanceof SerializablePermission){ 136 called = true; 137 this.permission = permission; 138 } 139 super.checkPermission(permission); 140 } 141 } 142 143 // Beginning with J2SE 1.4.0, ObjectOutputStream's public one-argument constructor 144 // requires the "enableSubclassImplementation" SerializablePermission when invoked 145 // (either directly or indirectly) by a subclass which overrides 146 // ObjectOutputStream.putFields or ObjectOutputStream.writeUnshared. 147 // 148 // Also beginning with J2SE 1.4.0, ObjectInputStream's public one-argument 149 // constructor requires the "enableSubclassImplementation" SerializablePermission 150 // when invoked (either directly or indirectly) by a subclass which overrides 151 // ObjectInputStream.readFields or ObjectInputStream.readUnshared. 152 153 154 class TestObjectInputStream extends ObjectInputStream { 155 TestObjectInputStream(InputStream s) throws StreamCorruptedException, IOException { 156 super(s); 157 } 158 } 159 160 class TestObjectInputStream_readFields extends ObjectInputStream { 161 TestObjectInputStream_readFields(InputStream s) throws StreamCorruptedException, IOException { 162 super(s); 163 } 164 @Override 165 public GetField readFields() throws IOException, ClassNotFoundException, NotActiveException { 166 return super.readFields(); 167 } 168 } 169 170 class TestObjectInputStream_readUnshared extends ObjectInputStream { 171 TestObjectInputStream_readUnshared(InputStream s) throws StreamCorruptedException, IOException { 172 super(s); 173 } 174 @Override 175 public Object readUnshared() throws IOException, ClassNotFoundException { 176 return super.readUnshared(); 177 } 178 } 179 180 181 long id = new java.util.Date().getTime(); 182 String filename = "SecurityPermissionsTest_"+id; 183 File f = File.createTempFile(filename, null); 184 f.deleteOnExit(); 185 186 TestSecurityManager s = new TestSecurityManager(); 187 System.setSecurityManager(s); 188 189 s.reset(); 190 new ObjectInputStream(new FileInputStream(f)); 191 assertTrue("ObjectInputStream(InputStream) ctor must not call checkPermission on security manager on a class which neither overwrites methods readFields nor readUnshared", !s.called); 192 193 s.reset(); 194 new TestObjectInputStream(new FileInputStream(f)); 195 assertTrue("ObjectInputStream(InputStream) ctor must not call checkPermission on security manager on a class which neither overwrites methods readFields nor readUnshared", !s.called); 196 197 s.reset(); 198 new TestObjectInputStream_readFields(new FileInputStream(f)); 199 assertTrue("ObjectInputStream(InputStream) ctor must call checkPermission on security manager on a class which overwrites method readFields", s.called); 200 assertEquals("Name of SerializablePermission is not correct", "enableSubclassImplementation", s.permission.getName()); 201 202 s.reset(); 203 new TestObjectInputStream_readUnshared(new FileInputStream(f)); 204 assertTrue("ObjectInputStream(InputStream) ctor must call checkPermission on security manager on a class which overwrites method readUnshared", s.called); 205 assertEquals("Name of SerializablePermission is not correct", "enableSubclassImplementation", s.permission.getName()); 206 } 207 208} 209