RFR 8154189: Deprivilege java.sql and java.sql.rowset module

Lance Andersen lance.andersen at oracle.com
Fri May 27 17:28:40 UTC 2016 

Hi all,

This is a request to review the changes below to Deprivilege java.sql and java.sql.rowset modules

changes to: make/common/Modules.gmk
————————

ljanders-mac:make ljanders$ hg diff
diff -r cae471d3b877 make/common/Modules.gmk
--- a/make/common/Modules.gmk	Thu May 26 17:17:51 2016 +0000
+++ b/make/common/Modules.gmk	Fri May 27 13:21:22 2016 -0400
@@ -57,7 +57,6 @@
     java.rmi \
     java.security.jgss \
     java.security.sasl \
-    java.sql \
     java.xml \
     java.xml.crypto \
     jdk.httpserver \
@@ -72,7 +71,6 @@
 
 # to be deprivileged
 BOOT_MODULES += \
-    java.sql.rowset \
     java.smartcardio \
     jdk.naming.rmi \
     #
@@ -105,6 +103,8 @@
 
 PLATFORM_MODULES += \
     java.compiler \
+    java.sql \
+    java.sql.rowset \
     java.scripting \
     jdk.accessibility \
     jdk.charsets \
ljanders-mac:make ljanders$ 


————————

Changes to: src/java.base/share/conf/security/java.policy
————————

ljanders-mac:jdk ljanders$ hg diff
diff -r df35a805b405 src/java.base/share/conf/security/java.policy
--- a/src/java.base/share/conf/security/java.policy	Fri May 27 08:52:22 2016 -0700
+++ b/src/java.base/share/conf/security/java.policy	Fri May 27 13:24:22 2016 -0400
@@ -33,6 +33,14 @@
         permission java.io.FilePermission "${java.home}/conf/security/ucrypto-solaris.cfg", "read";
 };
 
+grant codeBase "jrt:/java.sql" { 
+        permission java.security.AllPermission; 
+}; 
+
+grant codeBase "jrt:/java.sql.rowset" { 
+        permission java.security.AllPermission; 
+};
+
 grant codeBase "jrt:/jdk.crypto.ec" {
         permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
         permission java.lang.RuntimePermission "loadLibrary.sunec";
ljanders-mac:jdk ljanders$ 

————————————

As part of the testing, we have run

- CTS  JDBC tests - against Derby embedded and client driver
- All of the Derby test suites
- JTREG tests
- JCK JDBC and RowSet tests


The Derby tests suites uncovered 2 Derby specific issues which have been addressed in the derby trunk, all other tests passed

thank you and have a nice weekend

Best
Lance

 <http://oracle.com/us/design/oracle-email-sig-198324.gif>
 <http://oracle.com/us/design/oracle-email-sig-198324.gif> <http://oracle.com/us/design/oracle-email-sig-198324.gif>
 <http://oracle.com/us/design/oracle-email-sig-198324.gif>Lance Andersen| Principal Member of Technical Staff | +1.781.442.2037
Oracle Java Engineering 
1 Network Drive 
Burlington, MA 01803
Lance.Andersen at oracle.com <mailto:Lance.Andersen at oracle.com>

More information about the core-libs-dev mailing list