From ca2d91adc04d65fc6fbdde9e35947e4a5cbea465 Mon Sep 17 00:00:00 2001 From: Christian Femers Date: Wed, 20 Jan 2021 01:19:45 +0100 Subject: [PATCH] Improve SecurityManager to accept doPrivileged in general We only make an exception for checkPackageAccess for now --- .../api/security/ArtemisSecurityManager.java | 30 ++++++++++++++----- 1 file changed, 23 insertions(+), 7 deletions(-) diff --git a/src/main/java/de/tum/in/test/api/security/ArtemisSecurityManager.java b/src/main/java/de/tum/in/test/api/security/ArtemisSecurityManager.java index a25e4fff..00f6ac62 100644 --- a/src/main/java/de/tum/in/test/api/security/ArtemisSecurityManager.java +++ b/src/main/java/de/tum/in/test/api/security/ArtemisSecurityManager.java @@ -7,7 +7,6 @@ import java.io.SerializablePermission; import java.lang.StackWalker.StackFrame; import java.lang.Thread.State; -import java.lang.invoke.LambdaMetafactory; import java.lang.management.ManagementPermission; import java.lang.reflect.ReflectPermission; import java.net.InetAddress; @@ -16,6 +15,7 @@ import java.net.UnknownHostException; import java.nio.charset.StandardCharsets; import java.nio.file.Path; +import java.security.AccessController; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.Permission; @@ -32,6 +32,7 @@ import java.util.concurrent.ForkJoinWorkerThread; import java.util.concurrent.atomic.AtomicInteger; import java.util.function.BiConsumer; +import java.util.function.Predicate; import java.util.function.Supplier; import java.util.stream.Collectors; import java.util.stream.Stream; @@ -405,8 +406,8 @@ public void checkPackageAccess(String pkg) { checkForNonWhitelistedStackFrames(() -> { LOG.warn("BAD PACKAGE ACCESS: {} (BL:{}, WL:{})", pkg, isPackageBlacklisted(pkg), isPackageWhitelisted(pkg)); - return formatLocalized("security.error_disallowed_package", pkg); - }); // $NON-NLS-1$ + return formatLocalized("security.error_disallowed_package", pkg); // $NON-NLS-1$ + }, stackFrame -> true); } } finally { exitPublicInterface(); @@ -430,6 +431,17 @@ private boolean isPackageWhitelisted(String packageName) { private void checkForNonWhitelistedStackFrames(Supplier message) { var nonWhitelisted = getNonWhitelistedStackFrames(); + throwSecurityExceptionIfNonWhitelistedFound(message, nonWhitelisted); + } + + private void checkForNonWhitelistedStackFrames(Supplier message, + Predicate takeFromTopWhileFilter) { + var nonWhitelisted = getNonWhitelistedStackFrames(takeFromTopWhileFilter); + throwSecurityExceptionIfNonWhitelistedFound(message, nonWhitelisted); + } + + private static void throwSecurityExceptionIfNonWhitelistedFound(Supplier message, + List nonWhitelisted) { if (!nonWhitelisted.isEmpty()) { LOG.warn("NWSFs ==> {}", nonWhitelisted); //$NON-NLS-1$ var first = nonWhitelisted.get(0); @@ -439,20 +451,24 @@ private void checkForNonWhitelistedStackFrames(Supplier message) { } private List getNonWhitelistedStackFrames() { - // one for LambdaMetafactory itself and one for the caller + // one for AccessController itself and one for the caller DelayedFilter delayedIsNotPrivileged = new DelayedFilter<>(2, this::isNotPrivileged, true); + return getNonWhitelistedStackFrames(delayedIsNotPrivileged); + } + + private List getNonWhitelistedStackFrames(Predicate takeFromTopWhileFilter) { List result; if (isCurrentThreadWhitelisted()) { - result = stackWalker.walk(sfs -> sfs.takeWhile(delayedIsNotPrivileged) + result = stackWalker.walk(sfs -> sfs.takeWhile(takeFromTopWhileFilter) .filter(this::isStackFrameNotWhitelisted).collect(Collectors.toList())); } else { - result = stackWalker.walk(sfs -> sfs.takeWhile(delayedIsNotPrivileged).collect(Collectors.toList())); + result = stackWalker.walk(sfs -> sfs.takeWhile(takeFromTopWhileFilter).collect(Collectors.toList())); } return result; } private boolean isNotPrivileged(StackFrame stackFrame) { - return !LambdaMetafactory.class.getName().equals(stackFrame.getClassName()); + return !AccessController.class.getName().equals(stackFrame.getClassName()); } private boolean isCallNotWhitelisted(String call) {