Permissions in default.policy and --patch-module
Weijun Wang
weijun.wang at oracle.com
Mon Dec 11 01:12:38 UTC 2017
I modified a class inside the jdk.crypto.cryptoki module, compiled it with "javac -d /tmp", and then ran a small program with
java --patch-module jdk.crypto.cryptoki=/tmp -Djava.security.manager MyProg
and it fails with
TEST RESULT: Failed. Execution failed: `main' threw exception: java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "accessClassInPackage.sun.security.pkcs11")
Looks like the permission granted to "jrt:/jdk.crypto.cryptoki" in lib/security/default.policy are not granted to the new classes inside /tmp. If I duplicate the block for "jrt:/jdk.crypto.cryptoki" to "file:/c:/tmp" the program runs.
I thought the /tmp folder should be cascaded into the jrt file system for the module. Can this be enhanced?
Thanks
Max
More information about the jigsaw-dev
mailing list