[GR-14245] Add privileged access check detector to the JavaScript gate.

happylynx · Oct 15, 2019 · 1b9c53b · 1b9c53b
1 parent 93fafc2
commit 1b9c53b
Showing 1 changed file with 28 additions and 23 deletions.
diff --git a/vm/mx.vm/mx_vm_gate.py b/vm/mx.vm/mx_vm_gate.py
@@ -31,12 +31,11 @@
 import mx_unittest
 
 import functools
-import tempfile
 from mx_gate import Task
 
 from os import environ, listdir, remove
 from os.path import join, exists, dirname, isdir, isfile, getsize
-from tempfile import NamedTemporaryFile
+from tempfile import NamedTemporaryFile, mkdtemp
 from contextlib import contextmanager
 
 _suite = mx.suite('vm')
@@ -224,27 +223,33 @@ def _svm_truffle_tck(native_image, svm_suite, language_suite, language_id):
     if isdir(excludes_dir):
         for excludes_file in listdir(excludes_dir):
             excludes.append(join(excludes_dir, excludes_file))
-    with tempfile.NamedTemporaryFile() as report_file:
-        options = [
-            '--language:{}'.format(language_id),
-            '-H:ClassInitialization=:build_time',
-            '-H:+EnforceMaxRuntimeCompileMethods',
-            '-cp',
-            cp,
-            '--no-server',
-            '-H:-FoldSecurityManagerGetter',
-            '-H:TruffleTCKPermissionsReportFile={}'.format(report_file.name),
-            'com.oracle.svm.truffle.tck.MockMain'
-        ]
-        if excludes:
-            options.append('-H:TruffleTCKPermissionsExcludeFiles={}'.format(','.join(excludes)))
-        native_image(options)
-        if isfile(report_file.name) and getsize(report_file.name) > 0:
-            message = "Failed: Language {} performs following privileged calls:\n\n".format(language_id)
-            with open(report_file.name, "r") as f:
-                for line in f.readlines():
-                    message = message + line
-            mx.abort(message)
+    svmbuild = mkdtemp()
+    try:
+        with NamedTemporaryFile() as report_file:
+            options = [
+                '--language:{}'.format(language_id),
+                '-H:ClassInitialization=:build_time',
+                '-H:+EnforceMaxRuntimeCompileMethods',
+                '-cp',
+                cp,
+                '--no-server',
+                '-H:-FoldSecurityManagerGetter',
+                '-H:TruffleTCKPermissionsReportFile={}'.format(report_file.name),
+                '-H:Path={}'.format(svmbuild),
+                'com.oracle.svm.truffle.tck.MockMain'
+            ]
+            if excludes:
+                options.append('-H:TruffleTCKPermissionsExcludeFiles={}'.format(','.join(excludes)))
+            native_image(options)
+            if isfile(report_file.name) and getsize(report_file.name) > 0:
+                message = "Failed: Language {} performs following privileged calls:\n\n".format(language_id)
+                with open(report_file.name, "r") as f:
+                    for line in f.readlines():
+                        message = message + line
+                mx.abort(message)
+    finally:
+        mx.rmtree(svmbuild)
+
 
 def gate_svm_truffle_tck_js(tasks):
     with Task('JavaScript SVM Truffle TCK', tasks, tags=[VmGateTasks.svm_truffle_tck_js]) as t: