JavaIoObjectInputStreamTest.java revision f6c387128427e121477c1b32ad35cdcaa5101ba3
1/* 2 * Copyright (C) 2007 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package tests.security.permissions; 18 19import java.io.File; 20import java.io.FileInputStream; 21import java.io.FileOutputStream; 22import java.io.IOException; 23import java.io.InputStream; 24import java.io.NotActiveException; 25import java.io.ObjectInputStream; 26import java.io.ObjectOutputStream; 27import java.io.Serializable; 28import java.io.SerializablePermission; 29import java.io.StreamCorruptedException; 30import java.security.Permission; 31 32import junit.framework.TestCase; 33import dalvik.annotation.TestLevel; 34import dalvik.annotation.TestTargetClass; 35import dalvik.annotation.TestTargetNew; 36import dalvik.annotation.TestTargets; 37 38/* 39 * This class tests the security permissions which are documented in 40 * http://java.sun.com/j2se/1.5.0/docs/guide/security/permissions.html#PermsAndMethods 41 * for class java.io.ObjectInputStream 42 */ 43@TestTargetClass(java.io.ObjectInputStream.class) 44public class JavaIoObjectInputStreamTest extends TestCase { 45 46 SecurityManager old; 47 48 @Override 49 protected void setUp() throws Exception { 50 old = System.getSecurityManager(); 51 super.setUp(); 52 } 53 54 @Override 55 protected void tearDown() throws Exception { 56 System.setSecurityManager(old); 57 super.tearDown(); 58 } 59 60 // needed for serialization 61 private static class Node implements Serializable { 62 private static final long serialVersionUID = 1L; 63 64 public Node(){} 65 } 66 67 68 @TestTargetNew( 69 level = TestLevel.PARTIAL_COMPLETE, 70 notes = "Verifies that ObjectInputStream.enableResolveObject method calls checkPermission on security manager.", 71 method = "enableResolveObject", 72 args = {boolean.class} 73 ) 74 public void test_ObjectInputStream() throws IOException { 75 class TestSecurityManager extends SecurityManager { 76 boolean called; 77 Permission permission; 78 void reset(){ 79 called = false; 80 permission = null; 81 } 82 @Override 83 public void checkPermission(Permission permission){ 84 if(permission instanceof SerializablePermission){ 85 called = true; 86 this.permission = permission; 87 } 88 } 89 } 90 91 // TestObjectInputStream is necessary in order to call protected 92 // method enableResolveObject 93 class TestObjectInputStream extends ObjectInputStream { 94 TestObjectInputStream(InputStream s) throws StreamCorruptedException, IOException { 95 super(s); 96 } 97 @Override 98 public boolean enableResolveObject(boolean enable) throws SecurityException { 99 return super.enableResolveObject(enable); 100 } 101 } 102 103 long id = new java.util.Date().getTime(); 104 String filename = "SecurityPermissionsTest_"+id; 105 File f = File.createTempFile(filename, null); 106 ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream(f)); 107 oos.writeObject(new Node()); 108 oos.flush(); 109 oos.close(); 110 f.deleteOnExit(); 111 112 113 114 TestObjectInputStream ois = new TestObjectInputStream(new FileInputStream(f)); 115 116 TestSecurityManager s = new TestSecurityManager(); 117 System.setSecurityManager(s); 118 119 s.reset(); 120 ois.enableResolveObject(true); 121 assertTrue("ObjectInputStream.enableResolveObject(boolean) must call checkPermission on security manager", s.called); 122 assertEquals("Name of SerializablePermission is not correct", "enableSubstitution", s.permission.getName()); 123 } 124 125 @TestTargets({ 126 @TestTargetNew( 127 level = TestLevel.PARTIAL_COMPLETE, 128 notes = "Verifies that the ObjectInputStream constructor calls checkPermission on security manager.", 129 method = "ObjectInputStream", 130 args = {InputStream.class} 131 ) 132 }) 133 public void test_ObjectInputStream2() throws IOException { 134 class TestSecurityManager extends SecurityManager { 135 boolean called; 136 Permission permission; 137 void reset(){ 138 called = false; 139 permission = null; 140 } 141 @Override 142 public void checkPermission(Permission permission){ 143 if(permission instanceof SerializablePermission){ 144 called = true; 145 this.permission = permission; 146 } 147 } 148 } 149 150 // Beginning with J2SE 1.4.0, ObjectInputStream's public one-argument 151 // constructor requires the "enableSubclassImplementation" SerializablePermission 152 // when invoked (either directly or indirectly) by a subclass which overrides 153 // ObjectInputStream.readFields or ObjectInputStream.readUnshared. 154 155 156 class TestObjectInputStream extends ObjectInputStream { 157 TestObjectInputStream(InputStream s) throws StreamCorruptedException, IOException { 158 super(s); 159 } 160 } 161 162 class TestObjectInputStream_readFields extends ObjectInputStream { 163 TestObjectInputStream_readFields(InputStream s) throws StreamCorruptedException, IOException { 164 super(s); 165 } 166 @Override 167 public GetField readFields() throws IOException, ClassNotFoundException, NotActiveException { 168 return super.readFields(); 169 } 170 } 171 172 class TestObjectInputStream_readUnshared extends ObjectInputStream { 173 TestObjectInputStream_readUnshared(InputStream s) throws StreamCorruptedException, IOException { 174 super(s); 175 } 176 @Override 177 public Object readUnshared() throws IOException, ClassNotFoundException { 178 return super.readUnshared(); 179 } 180 } 181 182 183 184 long id = new java.util.Date().getTime(); 185 String filename = "SecurityPermissionsTest_"+id; 186 File f = File.createTempFile(filename, null); 187 ObjectOutputStream oos = new ObjectOutputStream(new FileOutputStream(f)); 188 oos.writeObject(new Node()); 189 oos.flush(); 190 oos.close(); 191 f.deleteOnExit(); 192 193 TestSecurityManager s = new TestSecurityManager(); 194 System.setSecurityManager(s); 195 196 s.reset(); 197 new ObjectInputStream(new FileInputStream(f)); 198 assertTrue("ObjectInputStream(InputStream) ctor must not call checkPermission on security manager on a class which neither overwrites methods readFields nor readUnshared", !s.called); 199 200 s.reset(); 201 new TestObjectInputStream(new FileInputStream(f)); 202 assertTrue("ObjectInputStream(InputStream) ctor must not call checkPermission on security manager on a class which neither overwrites methods readFields nor readUnshared", !s.called); 203 204 s.reset(); 205 new TestObjectInputStream_readFields(new FileInputStream(f)); 206 assertTrue("ObjectInputStream(InputStream) ctor must call checkPermission on security manager on a class which overwrites method readFields", s.called); 207 assertEquals("Name of SerializablePermission is not correct", "enableSubclassImplementation", s.permission.getName()); 208 209 s.reset(); 210 new TestObjectInputStream_readUnshared(new FileInputStream(f)); 211 assertTrue("ObjectInputStream(InputStream) ctor must call checkPermission on security manager on a class which overwrites method readUnshared", s.called); 212 assertEquals("Name of SerializablePermission is not correct", "enableSubclassImplementation", s.permission.getName()); 213 } 214 215} 216