8259319: Illegal package access when SunPKCS11 requires SunJCE's classes

martinuy · martinuy · commit 4be2173478bd · 2021-01-12T23:44:19.000Z
Reviewed-by: valeriep, mullan
diff --git a/src/java.base/share/classes/module-info.java b/src/java.base/share/classes/module-info.java
@@ -133,6 +133,8 @@
     // additional qualified exports may be inserted at build time
     // see make/gensrc/GenModuleInfo.gmk
 
+    exports com.sun.crypto.provider to
+        jdk.crypto.cryptoki;
     exports sun.invoke.util to
         jdk.compiler,
         jdk.incubator.foreign;
diff --git a/src/java.base/share/lib/security/default.policy b/src/java.base/share/lib/security/default.policy
@@ -124,6 +124,8 @@ grant codeBase "jrt:/jdk.crypto.ec" {
 };
 
 grant codeBase "jrt:/jdk.crypto.cryptoki" {
+    permission java.lang.RuntimePermission
+                   "accessClassInPackage.com.sun.crypto.provider";
     permission java.lang.RuntimePermission
                    "accessClassInPackage.sun.security.*";
     permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
diff --git a/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java b/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2003, 2021, Oracle and/or its affiliates. All rights reserved.
  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  *
  * This code is free software; you can redistribute it and/or modify it
@@ -88,12 +88,27 @@ private static Provider getProvider(Provider p, String providerName,
         p = Security.getProvider(providerName);
         if (p == null) {
             try {
-                @SuppressWarnings("deprecation")
-                Object o = Class.forName(className).newInstance();
-                p = (Provider)o;
-            } catch (Exception e) {
-                throw new ProviderException
-                        ("Could not find provider " + providerName, e);
+                final Class<?> c = Class.forName(className);
+                p = AccessController.doPrivileged(
+                    new PrivilegedAction<Provider>() {
+                        public Provider run() {
+                            try {
+                                @SuppressWarnings("deprecation")
+                                Object o = c.newInstance();
+                                return (Provider) o;
+                            } catch (Exception e) {
+                                throw new ProviderException(
+                                        "Could not find provider " +
+                                                providerName, e);
+                            }
+                        }
+                    }, null, new RuntimePermission(
+                            "accessClassInPackage." + c.getPackageName()));
+            } catch (ClassNotFoundException e) {
+                // Unexpected, as className is not a user but a
+                // P11Util-internal value.
+                throw new ProviderException("Could not find provider " +
+                        providerName, e);
             }
         }
         return p;
diff --git a/test/jdk/sun/security/pkcs11/KeyAgreement/IllegalPackageAccess.java b/test/jdk/sun/security/pkcs11/KeyAgreement/IllegalPackageAccess.java
@@ -0,0 +1,96 @@
+/*
+ * Copyright (c) 2021, Red Hat, Inc.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.security.AllPermission;
+import java.security.KeyFactory;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.Permission;
+import java.security.PermissionCollection;
+import java.security.Permissions;
+import java.security.Policy;
+import java.security.ProtectionDomain;
+import java.security.Provider;
+import java.security.Security;
+import java.security.spec.X509EncodedKeySpec;
+
+/*
+ * @test
+ * @bug 8259319
+ * @library /test/lib ..
+ * @run main/othervm IllegalPackageAccess
+ */
+
+public class IllegalPackageAccess extends PKCS11Test {
+
+    private static Policy policy = Policy.getPolicy();
+    private static RuntimePermission accessPerm =
+            new RuntimePermission("accessClassInPackage.com.sun.crypto.provider");
+
+    private static class MyPolicy extends Policy {
+        @Override
+        public PermissionCollection getPermissions(ProtectionDomain domain) {
+            PermissionCollection perms = new Permissions();
+            perms.add(new AllPermission());
+            return perms;
+        }
+
+        @Override
+        public boolean implies(ProtectionDomain domain, Permission permission) {
+            if (permission.equals(accessPerm)) {
+                return policy.implies(domain, permission);
+            }
+            return super.implies(domain, permission);
+        }
+    }
+
+    public static void main(String[] args) throws Exception {
+        main(new IllegalPackageAccess(), args);
+        System.out.println("TEST PASS - OK");
+    }
+
+    @Override
+    public void main(Provider p) throws Exception {
+        Policy.setPolicy(new MyPolicy());
+        System.setSecurityManager(new SecurityManager());
+
+        // Remove all security providers so a fallback scheme
+        // that creates class instances is forced.
+        for (Provider provider : Security.getProviders()) {
+            Security.removeProvider(provider.getName());
+        }
+
+        KeyPair kp = KeyPairGenerator.getInstance("DH", p)
+                .generateKeyPair();
+        byte[] encPubKey = kp.getPublic().getEncoded();
+        KeyFactory kf = KeyFactory.getInstance("DH", p);
+
+        // Requires access to a SunJCE class that parses
+        // the encoded key.
+        kf.generatePublic(new X509EncodedKeySpec(encPubKey));
+
+        System.setSecurityManager(null);
+        Policy.setPolicy(policy);
+    }
+
+}
