-- review findings
diff --git a/compiler/javac-wrapper/src/org/jetbrains/kotlin/javac/JavacWrapper.kt b/compiler/javac-wrapper/src/org/jetbrains/kotlin/javac/JavacWrapper.kt
index 9785c55..dbda4b2 100644
--- a/compiler/javac-wrapper/src/org/jetbrains/kotlin/javac/JavacWrapper.kt
+++ b/compiler/javac-wrapper/src/org/jetbrains/kotlin/javac/JavacWrapper.kt
@@ -67,7 +67,7 @@
private val packagePartsProviders: List<PackagePartProvider>,
private val compileJava: Boolean,
private val outputDirectory: File?,
- private val context: Context
+ private val context: Context,
) : Closeable {
private val localFileSystem = VirtualFileManager.getInstance().getFileSystem(StandardFileSystems.FILE_PROTOCOL)!!
private val jarFileSystem = VirtualFileManager.getInstance().getFileSystem(StandardFileSystems.JAR_PROTOCOL)!!
@@ -113,7 +113,13 @@
javac.keepComments = true
// use rt.jar instead of lib/ct.sym
fileManager.setSymbolFileEnabled(false)
- System.setProperty("java.ext.dirs", System.getProperty("java.ext.dirs").split(":").filter { it.contains("/jre/lib/ext") || it.contains("\\jre\\lib\\ext") }.joinToString(":"))
+ System.setProperty(
+ "java.ext.dirs",
+ System.getProperty("java.ext.dirs")
+ .split(":")
+ .filter { it.contains("/jre/lib/ext") || it.contains("\\jre\\lib\\ext") }
+ .joinToString(":")
+ )
bootClasspath?.let {
val cp = fileManager.getLocation(PLATFORM_CLASS_PATH) + jvmClasspathRoots
fileManager.setLocation(PLATFORM_CLASS_PATH, it)
@@ -179,7 +185,8 @@
val outputPath =
// Includes a hack with 'takeIf' for CLI test, to have stable string here (independent from random test directory)
- fileManager.getLocation(CLASS_OUTPUT)?.firstOrNull()?.path?.takeIf { "tests-integrationProject_test" !in it } ?: "test directory"
+ fileManager.getLocation(CLASS_OUTPUT)?.firstOrNull()?.path?.takeIf { "tests-integrationProject_test" !in it }
+ ?: "test directory"
context.get(Log.outKey)?.print("Compiling $javaFilesNumber Java source files to [$outputPath]")
compile(fileObjects)
errorCount() == 0
diff --git a/compiler/test-infrastructure-utils/tests/org/jetbrains/kotlin/codegen/forTestCompile/ForTestCompileRuntime.java b/compiler/test-infrastructure-utils/tests/org/jetbrains/kotlin/codegen/forTestCompile/ForTestCompileRuntime.java
index 230a4ef..f4a5fcd 100644
--- a/compiler/test-infrastructure-utils/tests/org/jetbrains/kotlin/codegen/forTestCompile/ForTestCompileRuntime.java
+++ b/compiler/test-infrastructure-utils/tests/org/jetbrains/kotlin/codegen/forTestCompile/ForTestCompileRuntime.java
@@ -71,18 +71,18 @@
public static File transform(String path) {
String property = getProperty(KOTLIN_TESTDATA_ROOTS);
- Map<String, String> testDataRoots = new HashMap<>();
if (property != null) {
@NotNull String[] roots = property.split(";");
- for (String root : roots){
- testDataRoots.put(root.substring(0, root.indexOf('=')), root.substring(root.indexOf('=') + 1));
+ for (String root : roots) {
+ String relativePath = root.substring(0, root.indexOf('='));
+ String absolutePath = root.substring(root.indexOf('=') + 1);
+
+ if (path.startsWith(relativePath + "/")) {
+ return new File(path.replace(relativePath, absolutePath));
+ }
}
}
- Optional<String> match = testDataRoots.keySet().stream().filter(path::startsWith).findFirst();
- if (match.isPresent()) {
- String root = match.get();
- return new File(path.replace(root, testDataRoots.get(root)));
- }
+
return new File(path);
}
diff --git a/repo/gradle-build-conventions/compiler-tests-convention/src/main/kotlin/test-inputs-check.gradle.kts b/repo/gradle-build-conventions/compiler-tests-convention/src/main/kotlin/test-inputs-check.gradle.kts
index df462bc..e603fa1 100644
--- a/repo/gradle-build-conventions/compiler-tests-convention/src/main/kotlin/test-inputs-check.gradle.kts
+++ b/repo/gradle-build-conventions/compiler-tests-convention/src/main/kotlin/test-inputs-check.gradle.kts
@@ -5,19 +5,55 @@
val disableInputsCheck = project.providers.gradleProperty("kotlin.test.instrumentation.disable.inputs.check").orNull?.toBoolean() == true
if (!disableInputsCheck && !OperatingSystem.current().isWindows) {
+ fun File.parents(stopPath: String): Sequence<File> {
+ return sequence {
+ var f: File? = this@parents.parentFile
+ while (f != null && f.canonicalPath != stopPath) {
+ yield(f)
+ f = f.parentFile
+ }
+ }
+ }
+
+ fun parentsReadPermission(file: File, stopPath: String): List<String> {
+ return file.parents(stopPath).map { parent ->
+ """permission java.io.FilePermission "${parent.absolutePath}", "read";"""
+ }.toList()
+ }
+
+ fun getDebuggerAgentJar(): String? {
+ return System.getenv("PROCESS_OPTIONS")
+ ?.split(", ")?.asSequence()
+ ?.map { it.trim() }
+ ?.filter { it.isNotEmpty() }
+ ?.find { it.startsWith("-javaagent:") && it.contains("debugger-agent.jar") }
+ ?.removePrefix("-javaagent:")
+ ?.substringBefore("=")
+ }
+
+ fun getJDKFromToolchain(service: JavaToolchainService, version: Int): String {
+ return service.launcherFor {
+ languageVersion.set(JavaLanguageVersion.of(version))
+ }.orNull?.executablePath?.asFile?.parentFile?.parentFile?.parentFile?.parentFile?.absolutePath
+ ?: error("Can't find toolchain for $version")
+ }
+
tasks.withType<Test>().names.forEach { taskName ->
tasks.named<Test>(taskName) {
mustRunAfter(tasks.named("processTestResources"))
+
val permissionsTemplateFile = rootProject.file("tests-permissions.template.policy")
inputs.file(permissionsTemplateFile).withPathSensitivity(PathSensitivity.RELATIVE)
+
val policyFileProvider: Provider<RegularFile> = layout.buildDirectory.file("permissions-for-$taskName.policy")
outputs.file(policyFileProvider).withPropertyName("policyFile")
- val service = project.extensions.getByType<JavaToolchainService>()
+
+ val service: JavaToolchainService = project.extensions.getByType<JavaToolchainService>()
val rootDirPath = rootDir.canonicalPath
val buildDir = layout.buildDirectory
val gradleUserHomeDir = project.gradle.gradleUserHomeDir.absolutePath
+
val javaVersion = provider { tasks.named<Test>(taskName).map { it.javaLauncher.get().metadata.languageVersion.asInt() }.get() }
- val defineJDKEnvVariables: List<Int> = listOf(8, 11, 17, 21)
inputs.property("javaVersion", javaVersion)
doFirst {
@@ -25,71 +61,59 @@
throw GradleException("Security policy template file not found at: ${permissionsTemplateFile.absolutePath}")
}
- fun getDebuggerAgentJar(): String? {
- return System.getenv("PROCESS_OPTIONS")
- ?.split(", ")?.asSequence()
- ?.map { it.trim() }
- ?.filter { it.isNotEmpty() }
- ?.find { it.startsWith("-javaagent:") && it.contains("debugger-agent.jar") }
- ?.removePrefix("-javaagent:")
- ?.substringBefore("=")
- }
-
- fun parentsReadPermission(file: File): List<String> {
- val parents = mutableListOf<String>()
- var p: File? = file.parentFile
- while (p != null && p.canonicalPath != rootDirPath) {
- parents.add("""permission java.io.FilePermission "${p.absolutePath}", "read";""")
- p = p.parentFile
- }
- return parents
- }
-
val javaLibraryPaths = System.getProperty("java.library.path", "")
.split(File.pathSeparatorChar)
.filterNot { it.isBlank() }
.map { """permission java.io.FilePermission "$it${File.separatorChar}-", "read";""" }
val addedDirs = HashSet<File>()
+
val inputPermissions: Set<String> = inputs.files.flatMapTo(HashSet<String>()) { file ->
- if (file.isDirectory()) {
- addedDirs.add(file)
- listOf(
- """permission java.io.FilePermission "${file.absolutePath}/", "read";""",
- """permission java.io.FilePermission "${file.absolutePath}/-", "read${
- // We write to the testData folder from tests...
- if (file.canonicalPath.contains("/testData/")) ",write" else ""
- }";""",
- )
- } else if (file.extension == "class") {
- listOfNotNull(
- """permission java.io.FilePermission "${file.parentFile.absolutePath}/-", "read";""".takeIf {
- addedDirs.add(
- file.parentFile
- )
- }
- )
- } else if (file.extension == "jar") {
- listOf(
- """permission java.io.FilePermission "${file.absolutePath}", "read";""",
- """permission java.io.FilePermission "${file.parentFile.absolutePath}", "read";""",
- )
- } else if (file != null) {
- val parents = parentsReadPermission(file)
- listOf(
- """permission java.io.FilePermission "${file.absolutePath}", "read${
- if (file.extension == "txt") {
- ",delete"
- } else {
- ""
+ when {
+ file.isDirectory() -> {
+ addedDirs.add(file)
+ listOf(
+ """permission java.io.FilePermission "${file.absolutePath}/", "read";""",
+ """permission java.io.FilePermission "${file.absolutePath}/-", "read${
+ // We write to the testData folder from tests...
+ if (file.canonicalPath.contains("/testData/")) ",write" else ""
+ }";""",
+ )
+ }
+ file.extension == "class" -> {
+ listOfNotNull(
+ """permission java.io.FilePermission "${file.parentFile.absolutePath}/-", "read";""".takeIf {
+ addedDirs.add(
+ file.parentFile
+ )
}
- }";""",
- ) + parents
- } else emptyList()
+ )
+ }
+ file.extension == "jar" -> {
+ listOf(
+ """permission java.io.FilePermission "${file.absolutePath}", "read";""",
+ """permission java.io.FilePermission "${file.parentFile.absolutePath}", "read";""",
+ )
+ }
+ file != null -> {
+ val parents = parentsReadPermission(file, rootDirPath)
+ listOf(
+ """permission java.io.FilePermission "${file.absolutePath}", "read${
+ if (file.extension == "txt") {
+ ",delete"
+ } else {
+ ""
+ }
+ }";""",
+ ) + parents
+ }
+ else -> emptyList()
+ }
} +
"""permission java.io.FilePermission "${buildDir.get().asFile.absolutePath}/-", "read,write,execute,delete";""" +
javaLibraryPaths +
(getDebuggerAgentJar()?.let { """permission java.io.FilePermission "$it", "read";""" } ?: "")
+ // Copied from some because we want
fun calcCanonicalTempPath(): String {
val file = File(System.getProperty("java.io.tmpdir"))
try {
@@ -98,36 +122,46 @@
return canonical
}
} catch (_: IOException) {
+ // HERE?
}
return file.absolutePath
}
- val temp_dir = calcCanonicalTempPath()
+ val tempDir = calcCanonicalTempPath()
val policyFile = policyFileProvider.get().asFile
policyFile.parentFile.mkdirs()
+
try {
policyFile.writeText(
- permissionsTemplateFile.readText().replace(
- "{{temp_dir}}",
- (parentsReadPermission(File(temp_dir)) + """permission java.io.FilePermission "$temp_dir/-", "read,write,delete";""" + """permission java.io.FilePermission "$temp_dir", "read";""").joinToString(
- "\n "
+ permissionsTemplateFile.readText()
+ .replace(
+ "{{temp_dir}}",
+ (parentsReadPermission(
+ File(tempDir),
+ rootDirPath
+ ) + """permission java.io.FilePermission "$tempDir/-", "read,write,delete";""" + """permission java.io.FilePermission "$tempDir", "read";""").joinToString(
+ "\n "
+ )
+ ).replace(
+ "{{jdk}}",
+ ((setOf(8, 11, 17, 21) + javaVersion.get()).map { version ->
+ """permission java.io.FilePermission "${getJDKFromToolchain(service, version)}/-", "read,execute";"""
+ }).joinToString("\n ")
)
- ).replace("{{jdk}}", ((defineJDKEnvVariables + javaVersion.get()).map { version ->
- val jdkHome = service.launcherFor {
- languageVersion.set(JavaLanguageVersion.of(version))
- }.orNull?.executablePath?.asFile?.parentFile?.parentFile?.parentFile?.parentFile?.absolutePath
- ?: error("Can't find toolchain for $version")
- """permission java.io.FilePermission "$jdkHome/-", "read,execute";"""
- }).joinToString("\n ")).replace(
- "{{gradle_user_home}}", """$gradleUserHomeDir"""
- ).replace("{{inputs}}", inputPermissions.sorted().joinToString("\n ")))
+ .replace(
+ "{{gradle_user_home}}", """$gradleUserHomeDir"""
+ )
+ .replace("{{inputs}}", inputPermissions.sorted().joinToString("\n "))
+ )
} catch (e: IOException) {
logger.error("Failed to generate security policy file", e)
throw e
}
}
- println("Security policy for test inputs generated to ${policyFileProvider.get().asFile.absolutePath}")
+
+ logger.info("Security policy for test inputs generated to ${policyFileProvider.get().asFile.absolutePath}")
+
jvmArgs(
"-Djava.security.policy=${policyFileProvider.get().asFile.absolutePath}",
"-Djava.security.debug=failure",
diff --git a/tests-permissions.template.policy b/tests-permissions.template.policy
index 7e73b28..cb2e77e 100644
--- a/tests-permissions.template.policy
+++ b/tests-permissions.template.policy
@@ -19,14 +19,18 @@
permission java.util.PropertyPermission "java.ext.dirs", "write";
permission java.util.PropertyPermission "platform.random.idempotence.check.rate", "write";
permission java.util.PropertyPermission "apple.awt.UIElement", "write";
- permission java.io.FilePermission "{{gradle_user_home}}/-", "read,write,delete,execute";
- // SystemInfo.isCrostini()
+
+ // com.intellij.openapi.util.SystemInfo.isCrostini()
permission java.io.FilePermission "/dev/.cros_milestone", "read";
+ permission java.io.FilePermission "{{gradle_user_home}}/-", "read,write,delete,execute";
+
+ {{java-debug-agent-jar}}
+
// Temp directory
{{temp_dir}}
- // JDK
+ // JDKs
{{jdk}}
// Allow access to declared input directories
