Bug 46773

Summary:	[METABUG] Calling Policy.setPolicy with a new Policy object has no effect on the DefaultSecurityManager
Product:	classpath	Reporter:	Andrew John Hughes <gnu_andrew>
Component:	classpath	Assignee:	Not yet assigned to anyone <unassigned>
Status:	RESOLVED FIXED
Severity:	normal
Priority:	P3
Version:	0.98
Target Milestone:	---
Host:		Target:
Build:		Known to work:
Known to fail:		Last reconfirmed:
Bug Depends on:	46774, 46775
Bug Blocks:

Description Andrew John Hughes 2010-12-03 00:29:12 UTC

As shown by running this new Mauve test:

http://sources.redhat.com/cgi-bin/cvsweb.cgi/mauve/gnu/testlet/java/security/Policy/setPolicy.java?rev=1.1&content-type=text/x-cvsweb-markup&cvsroot=mauve

calling setPolicy has no effect on the default SecurityManager implementation provided by GNU Classapath.

This is because VMAccessController creates ProtectionDomain objects using the two argument constructor which uses static permissions.  The four argument constructor should be used instead so the policy is consulted.

Fixing this requires changes in a VM class which seems to have local copies in most Classpath VMs (at least CACAO, gij and jamvm).  This metabug thus tracks fixing the issue separately in both gcj and Classpath's reference copy.

Comment 1 Andrew John Hughes 2010-12-20 20:40:00 UTC

Patched in both GNU Classpath and JamVM.

Reported to:

* CACAO: http://server.complang.tuwien.ac.at/cgi-bin/bugzilla/show_bug.cgi?id=152
* JamVM

Comment 2 Andrew John Hughes 2010-12-20 20:40:54 UTC

Above should say 'Patched in both GNU Classpath and GCJ' :-)

Comment 3 Andrew John Hughes 2010-12-20 20:58:09 UTC

http://sourceforge.net/mailarchive/forum.php?thread_name=20101220203243.GH25130%40rivendell.middle-earth.co.uk&forum_name=jamvm-general