1/* 2 * Copyright (C) 2007 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17package tests.security.permissions; 18 19import dalvik.annotation.TestTargets; 20import dalvik.annotation.TestLevel; 21import dalvik.annotation.TestTargetNew; 22import dalvik.annotation.TestTargetClass; 23 24import junit.framework.TestCase; 25 26import java.security.Permission; 27import java.security.Provider; 28import java.security.Security; 29import java.security.SecurityPermission; 30import java.util.HashSet; 31import java.util.Set; 32/* 33 * This class tests the secrity permissions which are documented in 34 * http://java.sun.com/j2se/1.5.0/docs/guide/security/permissions.html#PermsAndMethods 35 * for class java.security.Security 36 */ 37@TestTargetClass(java.security.Security.class) 38public class JavaSecuritySecurityTest extends TestCase { 39 40 SecurityManager old; 41 42 @Override 43 protected void setUp() throws Exception { 44 old = System.getSecurityManager(); 45 super.setUp(); 46 } 47 48 @Override 49 protected void tearDown() throws Exception { 50 System.setSecurityManager(old); 51 super.tearDown(); 52 } 53 54 @TestTargetNew( 55 level = TestLevel.PARTIAL_COMPLETE, 56 notes = "Verifies that getProperty() calls checkPermission on security permissions.", 57 method = "getProperty", 58 args = {java.lang.String.class} 59 ) 60 public void test_getProperty() { 61 class TestSecurityManager extends SecurityManager { 62 boolean called = false; 63 String target = null; 64 void reset() { 65 called = false; 66 target = null; 67 } 68 69 @Override 70 public void checkPermission(Permission permission) { 71 if (permission instanceof SecurityPermission) { 72 target = permission.getName(); 73 if (target.equals("getProperty.key")) { 74 called = true; 75 } 76 } 77 } 78 79 } 80 TestSecurityManager s = new TestSecurityManager(); 81 System.setSecurityManager(s); 82 83 s.reset(); 84 Security.getProperty("key"); 85 assertTrue("java.security.Security.getProperty() must call checkSecurityAccess on security manager", s.called); 86 assertEquals("Argument of checkSecurityAccess is not correct", "getProperty.key", s.target); 87 } 88 89 @TestTargetNew( 90 level = TestLevel.PARTIAL_COMPLETE, 91 notes = "Verifies that setProperty() method calls checkSecurityAccess on security manager.", 92 method = "setProperty", 93 args = {java.lang.String.class, java.lang.String.class} 94 ) 95 public void test_setProperty() { 96 class TestSecurityManager extends SecurityManager { 97 boolean called = false; 98 String target = null; 99 void reset(){ 100 called = false; 101 target = null; 102 } 103 104 @Override 105 public void checkPermission(Permission permission) { 106 if (permission instanceof SecurityPermission) { 107 target = permission.getName(); 108 if (target.equals("setProperty.key")) { 109 called = true; 110 } 111 } 112 } 113 } 114 TestSecurityManager s = new TestSecurityManager(); 115 System.setSecurityManager(s); 116 117 s.reset(); 118 Security.setProperty("key", "value"); 119 assertTrue("java.security.Security.setProperty() must call checkSecurityAccess on security manager", s.called); 120 assertEquals("Argument of checkSecurityAccess is not correct", "setProperty.key", s.target); 121 } 122 123 @TestTargets({ 124 @TestTargetNew( 125 level = TestLevel.PARTIAL_COMPLETE, 126 notes = "Verifies that addProvider(), insertProviderAt() and removeProvider() methods call checkSecurityAccess method on security manager.", 127 method = "addProvider", 128 args = {java.security.Provider.class} 129 ), 130 @TestTargetNew( 131 level = TestLevel.PARTIAL_COMPLETE, 132 notes = "Verifies that addProvider(), insertProviderAt() and removeProvider() methods call checkSecurityAccess method on security manager.", 133 method = "insertProviderAt", 134 args = {java.security.Provider.class, int.class} 135 ), 136 @TestTargetNew( 137 level = TestLevel.PARTIAL_COMPLETE, 138 notes = "Verifies that addProvider(), insertProviderAt() and removeProvider() methods call checkSecurityAccess method on security manager.", 139 method = "removeProvider", 140 args = {java.lang.String.class} 141 ) 142 }) 143 public void test_Provider() { 144 class TestSecurityManager extends SecurityManager { 145 boolean called = false; 146 Set<String> targets = new HashSet<String>(); 147 void reset(){ 148 called = false; 149 targets.clear(); 150 } 151 @Override 152 public void checkSecurityAccess(String target) { 153 called = true; 154 this.targets.add(target); 155 super.checkSecurityAccess(target); 156 } 157 158 @Override 159 public void checkPermission(Permission permission) { 160 } 161 } 162 163 class MyProvider extends Provider { 164 private static final long serialVersionUID = 1L; 165 MyProvider(){ 166 super("DummyProvider", 1.0, "Provider for test purposes only"); 167 } 168 } 169 170 Provider p = new MyProvider(); 171 172 TestSecurityManager s = new TestSecurityManager(); 173 System.setSecurityManager(s); 174 175 s.reset(); 176 Security.addProvider(p); 177 assertTrue("java.security.Security.addProvider() must call checkSecurityAccess on security manager", s.called); 178 assertTrue("Argument of checkSecurityAccess is not correct", s.targets.contains("insertProvider.DummyProvider")); 179 180 s.reset(); 181 Security.removeProvider(p.getName()); 182 assertTrue("java.security.Security.removeProvider() must call checkSecurityAccess on security manager", s.called); 183 assertTrue("Argument of checkSecurityAccess is not correct", s.targets.contains("removeProvider.DummyProvider")); 184 185 s.reset(); 186 Security.insertProviderAt(p, 0); 187 assertTrue("java.security.Security.insertProviderAt() must call checkSecurityAccess on security manager", s.called); 188 assertTrue("Argument of checkSecurityAccess is not correct", s.targets.contains("insertProvider.DummyProvider")); 189 190 Security.removeProvider(p.getName()); 191 } 192} 193