AgentModule should set ProtectionDomain when defining classes #1425

Godin · 2023-04-09T21:46:00Z

Execution of

java \
    -Djava.security.manager -Djava.security.policy==policy.txt -Djava.security.debug=access,failure \
    -javaagent:jacocoagent.jar=output=none \
    -version

using the following policy.txt

grant codeBase "file:${user.dir}/jacocoagent.jar" {
    permission java.security.AllPermission;
};

and JaCoCo agent version 0.8.8 leads to

openjdk version "11.0.6" 2020-01-14
OpenJDK Runtime Environment AdoptOpenJDK (build 11.0.6+10)
OpenJDK 64-Bit Server VM AdoptOpenJDK (build 11.0.6+10, mixed mode)

Whereas using JaCoCo agent version 0.8.9 leads to

access: access denied ("java.io.FilePermission" "/private/tmp/jacoco/jacocoagent.jar" "read")
java.lang.Exception: Stack trace
        at java.base/java.lang.Thread.dumpStack(Thread.java:1387)
        at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:462)
        at java.base/java.security.AccessController.checkPermission(AccessController.java:897)
        at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:322)
        at java.base/java.lang.SecurityManager.checkRead(SecurityManager.java:661)
        at java.base/jdk.internal.loader.URLClassPath.check(URLClassPath.java:555)
        at java.base/jdk.internal.loader.URLClassPath.checkURL(URLClassPath.java:529)
        at java.base/jdk.internal.loader.BuiltinClassLoader.checkURL(BuiltinClassLoader.java:1018)
        at java.base/jdk.internal.loader.BuiltinClassLoader.findResource(BuiltinClassLoader.java:303)
        at java.base/java.lang.ClassLoader.getResource(ClassLoader.java:1400)
        at java.base/java.lang.ClassLoader.getResource(ClassLoader.java:1395)
        at java.base/java.lang.ClassLoader.getResourceAsStream(ClassLoader.java:1736)
        at org.jacoco.agent.rt.internal_e5ed502.AgentModule$1.loadClass(AgentModule.java:70)
        at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)
        at org.jacoco.agent.rt.internal_e5ed502.core.runtime.InjectedClassRuntime.startup(InjectedClassRuntime.java:55)
        at org.jacoco.agent.rt.internal_e5ed502.PreMain.premain(PreMain.java:50)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
        at java.instrument/sun.instrument.InstrumentationImpl.loadClassAndStartAgent(InstrumentationImpl.java:513)
        at java.instrument/sun.instrument.InstrumentationImpl.loadClassAndCallPremain(InstrumentationImpl.java:525)
access: access allowed ("java.security.SecurityPermission" "getPolicy")
access: domain that failed ProtectionDomain  (null <no signer certificates>)
 org.jacoco.agent.rt.internal_e5ed502.AgentModule$1@5c3bd550
 <no principals>
 java.security.Permissions@27c20538 (
 ("java.util.PropertyPermission" "java.specification.version" "read")
 ("java.util.PropertyPermission" "java.vm.vendor" "read")
 ("java.util.PropertyPermission" "path.separator" "read")
 ("java.util.PropertyPermission" "os.version" "read")
 ("java.util.PropertyPermission" "java.vendor.url" "read")
 ("java.util.PropertyPermission" "java.vm.name" "read")
 ("java.util.PropertyPermission" "java.vm.specification.version" "read")
 ("java.util.PropertyPermission" "os.name" "read")
 ("java.util.PropertyPermission" "java.version" "read")
 ("java.util.PropertyPermission" "os.arch" "read")
 ("java.util.PropertyPermission" "java.specification.vendor" "read")
 ("java.util.PropertyPermission" "java.vm.specification.name" "read")
 ("java.util.PropertyPermission" "file.separator" "read")
 ("java.util.PropertyPermission" "line.separator" "read")
 ("java.util.PropertyPermission" "java.vm.specification.vendor" "read")
 ("java.util.PropertyPermission" "java.specification.name" "read")
 ("java.util.PropertyPermission" "java.vendor" "read")
 ("java.util.PropertyPermission" "java.vm.version" "read")
 ("java.util.PropertyPermission" "java.class.version" "read")
 ("java.lang.RuntimePermission" "accessClassInPackage.com.sun.beans.*")
 ("java.lang.RuntimePermission" "accessClassInPackage.com.apple.*")
 ("java.lang.RuntimePermission" "accessClassInPackage.com.sun.java.swing.plaf.*")
 ("java.lang.RuntimePermission" "accessClassInPackage.com.sun.beans")
 ("java.net.SocketPermission" "localhost:0" "listen,resolve")
)


Exception in thread "main" java.lang.reflect.InvocationTargetException
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
        at java.instrument/sun.instrument.InstrumentationImpl.loadClassAndStartAgent(InstrumentationImpl.java:513)
        at java.instrument/sun.instrument.InstrumentationImpl.loadClassAndCallPremain(InstrumentationImpl.java:525)
Caused by: java.lang.NullPointerException
        at org.jacoco.agent.rt.internal_e5ed502.core.internal.InputStreams.readFully(InputStreams.java:41)
        at org.jacoco.agent.rt.internal_e5ed502.AgentModule$1.loadClass(AgentModule.java:74)
        at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:521)
        at org.jacoco.agent.rt.internal_e5ed502.core.runtime.InjectedClassRuntime.startup(InjectedClassRuntime.java:55)
        at org.jacoco.agent.rt.internal_e5ed502.PreMain.premain(PreMain.java:50)
        ... 6 more

And even for the following policy.txt

grant codeBase "file:${user.dir}/jacocoagent.jar" {
    permission java.security.AllPermission;
};

grant {
    permission java.io.FilePermission "${user.dir}/jacocoagent.jar", "read";
};

leads to

access: access denied ("java.lang.reflect.ReflectPermission" "suppressAccessChecks")
java.lang.Exception: Stack trace
        at java.base/java.lang.Thread.dumpStack(Thread.java:1387)
        at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:462)
        at java.base/java.security.AccessController.checkPermission(AccessController.java:897)
        at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:322)
        at java.base/java.lang.invoke.MethodHandles.privateLookupIn(MethodHandles.java:189)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
        at org.jacoco.agent.rt.internal_e5ed502.core.runtime.InjectedClassRuntime$Lookup.privateLookupIn(InjectedClassRuntime.java:123)
        at org.jacoco.agent.rt.internal_e5ed502.core.runtime.InjectedClassRuntime.startup(InjectedClassRuntime.java:55)
        at org.jacoco.agent.rt.internal_e5ed502.PreMain.premain(PreMain.java:50)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
        at java.instrument/sun.instrument.InstrumentationImpl.loadClassAndStartAgent(InstrumentationImpl.java:513)
        at java.instrument/sun.instrument.InstrumentationImpl.loadClassAndCallPremain(InstrumentationImpl.java:525)
access: access allowed ("java.security.SecurityPermission" "getPolicy")
access: domain that failed ProtectionDomain  (null <no signer certificates>)
 org.jacoco.agent.rt.internal_e5ed502.AgentModule$1@5c3bd550
 <no principals>
 java.security.Permissions@63753b6d (
 ("java.util.PropertyPermission" "java.specification.version" "read")
 ("java.util.PropertyPermission" "java.vm.vendor" "read")
 ("java.util.PropertyPermission" "path.separator" "read")
 ("java.util.PropertyPermission" "os.version" "read")
 ("java.util.PropertyPermission" "java.vendor.url" "read")
 ("java.util.PropertyPermission" "java.vm.name" "read")
 ("java.util.PropertyPermission" "java.vm.specification.version" "read")
 ("java.util.PropertyPermission" "os.name" "read")
 ("java.util.PropertyPermission" "java.version" "read")
 ("java.util.PropertyPermission" "os.arch" "read")
 ("java.util.PropertyPermission" "java.specification.vendor" "read")
 ("java.util.PropertyPermission" "java.vm.specification.name" "read")
 ("java.util.PropertyPermission" "file.separator" "read")
 ("java.util.PropertyPermission" "line.separator" "read")
 ("java.util.PropertyPermission" "java.vm.specification.vendor" "read")
 ("java.util.PropertyPermission" "java.specification.name" "read")
 ("java.util.PropertyPermission" "java.vendor" "read")
 ("java.util.PropertyPermission" "java.vm.version" "read")
 ("java.util.PropertyPermission" "java.class.version" "read")
 ("java.lang.RuntimePermission" "accessClassInPackage.com.sun.beans.*")
 ("java.lang.RuntimePermission" "accessClassInPackage.com.apple.*")
 ("java.lang.RuntimePermission" "accessClassInPackage.com.sun.java.swing.plaf.*")
 ("java.lang.RuntimePermission" "accessClassInPackage.com.sun.beans")
 ("java.net.SocketPermission" "localhost:0" "listen,resolve")
 ("java.io.FilePermission" "/private/tmp/jacoco/jacocoagent.jar#plus" "read")
)


Exception in thread "main" java.lang.reflect.InvocationTargetException
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
        at java.instrument/sun.instrument.InstrumentationImpl.loadClassAndStartAgent(InstrumentationImpl.java:513)
        at java.instrument/sun.instrument.InstrumentationImpl.loadClassAndCallPremain(InstrumentationImpl.java:525)
Caused by: java.lang.reflect.InvocationTargetException
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
        at java.base/jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
        at java.base/jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
        at java.base/java.lang.reflect.Method.invoke(Method.java:566)
        at org.jacoco.agent.rt.internal_e5ed502.core.runtime.InjectedClassRuntime$Lookup.privateLookupIn(InjectedClassRuntime.java:123)
        at org.jacoco.agent.rt.internal_e5ed502.core.runtime.InjectedClassRuntime.startup(InjectedClassRuntime.java:55)
        at org.jacoco.agent.rt.internal_e5ed502.PreMain.premain(PreMain.java:50)
        ... 6 more
Caused by: java.security.AccessControlException: access denied ("java.lang.reflect.ReflectPermission" "suppressAccessChecks")
        at java.base/java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
        at java.base/java.security.AccessController.checkPermission(AccessController.java:897)
        at java.base/java.lang.SecurityManager.checkPermission(SecurityManager.java:322)
        at java.base/java.lang.invoke.MethodHandles.privateLookupIn(MethodHandles.java:189)
        ... 13 more

i.e. AgentModule introduced in #1334 creates ClassLoader which defines classes with null instead of ProtectionDomain of JaCoCo agent.

So requires the following policy.txt

grant codeBase "file:${user.dir}/jacocoagent.jar" {
    permission java.security.AllPermission;
};

grant {
    permission java.io.FilePermission "${user.dir}/jacocoagent.jar", "read";
    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
    permission java.lang.RuntimePermission "defineClass";
};

marchof

@Godin Thanks fir digging into this! As this probably was a regression for some users I think an entry in the change log would be worth it.

Godin · 2023-04-21T09:57:11Z

@marchof I added an integration test and updated the changelog.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [org.apache.maven.plugins:maven-compiler-plugin](https://maven.apache.org/plugins/) | build | minor | `3.10.1` -> `3.11.0` | | [org.jacoco:jacoco-maven-plugin](https://www.jacoco.org/jacoco/trunk/doc/maven.html) ([source](https://github.com/jacoco/jacoco)) | build | patch | `0.8.8` -> `0.8.10` | | [com.graphhopper:graphhopper-map-matching](https://www.graphhopper.com) ([source](https://github.com/graphhopper/graphhopper)) | compile | patch | `7.0` -> `7.0-testgithub6` | | [com.graphhopper:graphhopper-core](https://www.graphhopper.com) ([source](https://github.com/graphhopper/graphhopper)) | compile | patch | `7.0` -> `7.0-testgithub6` | | [org.springframework.boot:spring-boot-starter-parent](https://spring.io/projects/spring-boot) ([source](https://github.com/spring-projects/spring-boot)) | parent | patch | `3.0.5` -> `3.0.6` | --- ### Release Notes <details> <summary>jacoco/jacoco</summary> ### [`v0.8.10`](https://github.com/jacoco/jacoco/releases/tag/v0.8.10): 0.8.10 [Compare Source](jacoco/jacoco@v0.8.9...v0.8.10) #### Fixed bugs - Agent should not require configuration of permissions for `SecurityManager` outside of its `codeBase` (GitHub [#1425](jacoco/jacoco#1425)). ### [`v0.8.9`](https://github.com/jacoco/jacoco/releases/tag/v0.8.9): 0.8.9 [Compare Source](jacoco/jacoco@v0.8.8...v0.8.9) #### New Features - JaCoCo now officially supports Java 19 and 20 (GitHub [#1371](jacoco/jacoco#1371), [#1386](jacoco/jacoco#1386)). - Experimental support for Java 21 class files (GitHub [#1386](jacoco/jacoco#1386)). - Add parameter to include the current project in the `report-aggregate` Maven goal (GitHub [#1007](jacoco/jacoco#1007)). - Component accessors generated by the Java compilers for records are filtered out during generation of report. Contributed by Tesla Zhang (GitHub [#1393](jacoco/jacoco#1393)). #### Fixed bugs - Agent should not open `java.lang` package to unnamed module of the application class loader (GitHub [#1334](jacoco/jacoco#1334)). #### Non-functional Changes - JaCoCo now depends on ASM 9.5 (GitHub [#1299](jacoco/jacoco#1299), [#1368](jacoco/jacoco#1368), [#1416](jacoco/jacoco#1416)). - JaCoCo build now requires JDK 11 (GitHub [#1413](jacoco/jacoco#1413)). </details> <details> <summary>graphhopper/graphhopper</summary> ### [`v7.0-pre2`](graphhopper/graphhopper@7.0-pre1...7.0-pre2) [Compare Source](graphhopper/graphhopper@7.0-pre1...7.0-pre2...

Godin self-assigned this Apr 9, 2023

Godin added the type: bug 🐛 Something isn't working label Apr 9, 2023

Godin added this to the 0.8.10 milestone Apr 9, 2023

Godin added this to Implementation in Current work items via automation Apr 9, 2023

Godin mentioned this pull request Apr 9, 2023

Agent should not open java.lang package to unnamed module of the application class loader #1334

Merged

pzygielo mentioned this pull request Apr 10, 2023

Bump jacoco-maven-plugin from 0.8.8 to 0.8.9 eclipse-ee4j/glassfish-hk2#819

Closed

Godin force-pushed the set_ProtectionDomain branch 2 times, most recently from 79d5bc8 to 7edc511 Compare April 15, 2023 19:57

Godin moved this from Implementation to Review in Current work items Apr 15, 2023

Godin marked this pull request as ready for review April 15, 2023 20:19

Godin requested a review from marchof April 15, 2023 20:19

marchof requested changes Apr 16, 2023

View reviewed changes

Godin closed this Apr 19, 2023

Current work items automation moved this from Review to Done Apr 19, 2023

Godin deleted the set_ProtectionDomain branch April 19, 2023 10:01

Godin restored the set_ProtectionDomain branch April 19, 2023 10:02

Godin reopened this Apr 19, 2023

(WIP) add integration test

d18b11c

Godin force-pushed the set_ProtectionDomain branch from 5522e1d to d18b11c Compare April 19, 2023 13:02

Godin added 3 commits April 19, 2023 15:14

(WIP) update unit test

0003711

(WIP) fix

8f2d86e

(WIP) use minimal required set of permissions in integration test

c4b7a99

Godin moved this from Done to Review in Current work items Apr 19, 2023

(WIP) update changelog

2e80340

Godin requested a review from marchof April 21, 2023 09:56

Godin added the component: core label Apr 21, 2023

marchof approved these changes Apr 21, 2023

View reviewed changes

marchof merged commit 8f1daf9 into jacoco:master Apr 21, 2023
22 checks passed

Current work items automation moved this from Review to Done Apr 21, 2023

Godin deleted the set_ProtectionDomain branch April 21, 2023 13:52

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

AgentModule should set ProtectionDomain when defining classes #1425

AgentModule should set ProtectionDomain when defining classes #1425

Godin commented Apr 9, 2023 •

edited

marchof left a comment

Godin commented Apr 21, 2023

AgentModule should set ProtectionDomain when defining classes #1425

AgentModule should set ProtectionDomain when defining classes #1425

Conversation

Godin commented Apr 9, 2023 • edited

marchof left a comment

Choose a reason for hiding this comment

Godin commented Apr 21, 2023

Godin commented Apr 9, 2023 •

edited