RFR 8154189: Deprivilege java.sql and java.sql.rowset module
Lance Andersen
lance.andersen at oracle.com
Fri May 27 17:28:40 UTC 2016
Hi all,
This is a request to review the changes below to Deprivilege java.sql and java.sql.rowset modules
changes to: make/common/Modules.gmk
————————
ljanders-mac:make ljanders$ hg diff
diff -r cae471d3b877 make/common/Modules.gmk
--- a/make/common/Modules.gmk Thu May 26 17:17:51 2016 +0000
+++ b/make/common/Modules.gmk Fri May 27 13:21:22 2016 -0400
@@ -57,7 +57,6 @@
java.rmi \
java.security.jgss \
java.security.sasl \
- java.sql \
java.xml \
java.xml.crypto \
jdk.httpserver \
@@ -72,7 +71,6 @@
# to be deprivileged
BOOT_MODULES += \
- java.sql.rowset \
java.smartcardio \
jdk.naming.rmi \
#
@@ -105,6 +103,8 @@
PLATFORM_MODULES += \
java.compiler \
+ java.sql \
+ java.sql.rowset \
java.scripting \
jdk.accessibility \
jdk.charsets \
ljanders-mac:make ljanders$
————————
Changes to: src/java.base/share/conf/security/java.policy
————————
ljanders-mac:jdk ljanders$ hg diff
diff -r df35a805b405 src/java.base/share/conf/security/java.policy
--- a/src/java.base/share/conf/security/java.policy Fri May 27 08:52:22 2016 -0700
+++ b/src/java.base/share/conf/security/java.policy Fri May 27 13:24:22 2016 -0400
@@ -33,6 +33,14 @@
permission java.io.FilePermission "${java.home}/conf/security/ucrypto-solaris.cfg", "read";
};
+grant codeBase "jrt:/java.sql" {
+ permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/java.sql.rowset" {
+ permission java.security.AllPermission;
+};
+
grant codeBase "jrt:/jdk.crypto.ec" {
permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
permission java.lang.RuntimePermission "loadLibrary.sunec";
ljanders-mac:jdk ljanders$
————————————
As part of the testing, we have run
- CTS JDBC tests - against Derby embedded and client driver
- All of the Derby test suites
- JTREG tests
- JCK JDBC and RowSet tests
The Derby tests suites uncovered 2 Derby specific issues which have been addressed in the derby trunk, all other tests passed
thank you and have a nice weekend
Best
Lance
<http://oracle.com/us/design/oracle-email-sig-198324.gif>
<http://oracle.com/us/design/oracle-email-sig-198324.gif> <http://oracle.com/us/design/oracle-email-sig-198324.gif>
<http://oracle.com/us/design/oracle-email-sig-198324.gif>Lance Andersen| Principal Member of Technical Staff | +1.781.442.2037
Oracle Java Engineering
1 Network Drive
Burlington, MA 01803
Lance.Andersen at oracle.com <mailto:Lance.Andersen at oracle.com>
More information about the core-libs-dev
mailing list