While working on module de-privileging work, moving a specific module
out of the boot loader and granting it a minimal set of permissions, a
jtreg issue was noticed; testng.jar should be granted all permissions.

When running a testng test with a minimal set of permissions, e.g.
@run testng/othervm/java.security.policy=test.policy Test, it fails in
many places where it is obvious that testng is attempting to perform
a privileged operation, reflection to invoke the test entry point, reading
properties, etc.

It can be seen that jtreg already “rewrites” the policy file specified by a test
to grant several jtreg jars all permissions ( example below ). I think that
testng.jar should have similar.

$ cat /repos/jdk9/sandbox/jdk/test/JTwork/scratch/0/test.policy_new
// The following grant entries were added by JavaTest. Do not edit.
grant {
   permission java.io.FilePermission "/repos/jdk9/sandbox/jdk/test/JTwork/classes/0${/}-", "read";
};
grant codebase "file:/tools/jtreg/lib/javatest.jar" {
   permission java.security.AllPermission;
};
grant codebase "file:/tools/jtreg/lib/jtreg.jar" {
   permission java.security.AllPermission;
};

// original policy file:
grant codeBase "file:${test.classes}/*” {
    …. minimal set of permissions required for the test
}

--

com.sun.javatest.regtest.exec.Action::addGrantEntry could be updated
to grant all permissions to testng.jar. Otherwise, a system property,
exposing the testng.jar file location, could be exposed so that it is trivial
for a test to grant testng the required permissions.

There are no known, acceptable, workarounds to this issue.
For example, the following hardcodes the file URL of testng.jar:

  grant codebase "file:/tools/jtreg/lib/testng.jar" {
      permission java.security.AllPermission;
  };
  grant codeBase "file:${test.classes}/*” {
       …. minimal set of permissions required for the test
  }