[10] RFR(S) 8188775: Module jdk.internal.vm.compiler.management has not been granted accessClassInPackage.org.graalvm.compiler.hotspot
https://bugs.openjdk.java.net/browse/JDK-8188775 Changes for 8182701[1] missed changes in default.policy for new module jdk.internal.vm.compiler.management. Add missing code: src/java.base/share/lib/security/default.policy @@ -154,6 +154,10 @@ permission java.security.AllPermission; }; +grant codeBase "jrt:/jdk.internal.vm.compiler.management" { + permission java.security.AllPermission; +}; + grant codeBase "jrt:/jdk.jsobject" { permission java.security.AllPermission; }; Verified with failed test. Thanks, Vladimir [1] http://hg.openjdk.java.net/jdk10/hs/rev/8b2054b7d02c
+1 Mandy On 10/4/17 4:05 PM, Vladimir Kozlov wrote:
https://bugs.openjdk.java.net/browse/JDK-8188775
Changes for 8182701[1] missed changes in default.policy for new module jdk.internal.vm.compiler.management.
Add missing code:
src/java.base/share/lib/security/default.policy @@ -154,6 +154,10 @@ permission java.security.AllPermission; };
+grant codeBase "jrt:/jdk.internal.vm.compiler.management" { + permission java.security.AllPermission; +}; + grant codeBase "jrt:/jdk.jsobject" { permission java.security.AllPermission; };
Verified with failed test.
Thanks, Vladimir
Thank you, Mandy Vladimir On 10/4/17 4:07 PM, mandy chung wrote:
+1
Mandy
On 10/4/17 4:05 PM, Vladimir Kozlov wrote:
https://bugs.openjdk.java.net/browse/JDK-8188775
Changes for 8182701[1] missed changes in default.policy for new module jdk.internal.vm.compiler.management.
Add missing code:
src/java.base/share/lib/security/default.policy @@ -154,6 +154,10 @@ permission java.security.AllPermission; };
+grant codeBase "jrt:/jdk.internal.vm.compiler.management" { + permission java.security.AllPermission; +}; + grant codeBase "jrt:/jdk.jsobject" { permission java.security.AllPermission; };
Verified with failed test.
Thanks, Vladimir
Opps. Sorry for causing the problem. I haven't executed the test in question and thus I thought everything is OK. Thanks Vladimir for creating the fix. -jt On středa 4. října 2017 16:05:33 CEST Vladimir Kozlov wrote:
https://bugs.openjdk.java.net/browse/JDK-8188775
Changes for 8182701[1] missed changes in default.policy for new module jdk.internal.vm.compiler.management.
Add missing code:
src/java.base/share/lib/security/default.policy @@ -154,6 +154,10 @@ permission java.security.AllPermission; };
+grant codeBase "jrt:/jdk.internal.vm.compiler.management" { + permission java.security.AllPermission; +}; + grant codeBase "jrt:/jdk.jsobject" { permission java.security.AllPermission; };
Verified with failed test.
Thanks, Vladimir
On 05/10/2017 00:05, Vladimir Kozlov wrote:
https://bugs.openjdk.java.net/browse/JDK-8188775
Changes for 8182701[1] missed changes in default.policy for new module jdk.internal.vm.compiler.management.
Add missing code:
src/java.base/share/lib/security/default.policy @@ -154,6 +154,10 @@ permission java.security.AllPermission; };
+grant codeBase "jrt:/jdk.internal.vm.compiler.management" { + permission java.security.AllPermission; +}; + This looks okay to me although it would be nice if we could identify the minimal permissions rather than granting it AllPermission.
-Alan
On 10/9/17 3:55 AM, Alan Bateman wrote:
On 05/10/2017 00:05, Vladimir Kozlov wrote:
https://bugs.openjdk.java.net/browse/JDK-8188775
Changes for 8182701[1] missed changes in default.policy for new module jdk.internal.vm.compiler.management.
Add missing code:
src/java.base/share/lib/security/default.policy @@ -154,6 +154,10 @@ permission java.security.AllPermission; };
+grant codeBase "jrt:/jdk.internal.vm.compiler.management" { + permission java.security.AllPermission; +}; + This looks okay to me although it would be nice if we could identify the minimal permissions rather than granting it AllPermission.
+1. Is there any reason you did not just grant it RuntimePermission "accessClassInPackage.org.graalvm.compiler.hotspot"? I see you have already pushed the fix, so I would recommend opening another issue to only grant the required permissions to the jdk.internal.vm.compiler.management module. Thanks, Sean
On 10/9/17 3:55 AM, Alan Bateman wrote:
On 05/10/2017 00:05, Vladimir Kozlov wrote:
https://bugs.openjdk.java.net/browse/JDK-8188775
Changes for 8182701[1] missed changes in default.policy for new module jdk.internal.vm.compiler.management.
Add missing code:
src/java.base/share/lib/security/default.policy @@ -154,6 +154,10 @@ permission java.security.AllPermission; };
+grant codeBase "jrt:/jdk.internal.vm.compiler.management" { + permission java.security.AllPermission; +}; + This looks okay to me although it would be nice if we could identify the minimal permissions rather than granting it AllPermission.
+1. Is there any reason you did not just grant it RuntimePermission "accessClassInPackage.org.graalvm.compiler.hotspot"? I see you have already pushed the fix, so I would recommend opening another issue to only grant the required permissions to the jdk.internal.vm.compiler.management module. Thanks, Sean
Thank you Alan and Sean, I copied preceding code for jdk.internal.vm.compiler because it is not clear for me if accessClassInPackage is enough for all cases. Anyway, I filed next issue to find minimum required permission as you suggested. https://bugs.openjdk.java.net/browse/JDK-8189116 Thanks, Vladimir On 10/10/17 5:26 AM, Sean Mullan wrote:
On 10/9/17 3:55 AM, Alan Bateman wrote:
On 05/10/2017 00:05, Vladimir Kozlov wrote:
https://bugs.openjdk.java.net/browse/JDK-8188775
Changes for 8182701[1] missed changes in default.policy for new module jdk.internal.vm.compiler.management.
Add missing code:
src/java.base/share/lib/security/default.policy @@ -154,6 +154,10 @@ permission java.security.AllPermission; };
+grant codeBase "jrt:/jdk.internal.vm.compiler.management" { + permission java.security.AllPermission; +}; + This looks okay to me although it would be nice if we could identify the minimal permissions rather than granting it AllPermission.
+1.
Is there any reason you did not just grant it RuntimePermission "accessClassInPackage.org.graalvm.compiler.hotspot"?
I see you have already pushed the fix, so I would recommend opening another issue to only grant the required permissions to the jdk.internal.vm.compiler.management module.
Thanks, Sean
participants (5)
-
Alan Bateman
-
Jaroslav Tulach
-
mandy chung
-
Sean Mullan
-
Vladimir Kozlov