RFR 8055901: Update policytool for jdk.net.NetworkPermission
Michael McMahon
michael.x.mcmahon at oracle.com
Tue Aug 26 08:07:13 UTC 2014
On 26/08/14 09:05, Wang Weijun wrote:
> On Aug 26, 2014, at 15:57, Michael McMahon <michael.x.mcmahon at oracle.com> wrote:
>
>> Thanks for doing this Max. The syntax looks fine.
>> Just one question. Do you think it is better to specify each socket option literally in the tool
>> as you have done (ie. the only supported NetworkPermission
>> is SO_FLOW_SLA with this change) or allow users to type in the option name as free-form text
> Well, IMO policytool is for people who cannot remember the exact permission/target/actions names. Otherwise, it's quite easy to write a policy file using any text editor. Also, you might have noticed that even if you select one target name you can still edit it to something else. Therefore forgetting to update the tool is not fatal.
Good points. That's fine then.
Thanks!
Michael
> --Max
>
>> I guess you can always edit policy files manually, but if more socket options get added
>> in future, then we will need to update the tool again.
>
>> Michael
>>
>> On 26/08/14 01:58, Wang Weijun wrote:
>>> Hi Michael
>>>
>>> Please review the code change at
>>>
>>> http://cr.openjdk.java.net/~weijun/8055901/webrev.00/
>>>
>>> With this change, the policy tool can generate a file like
>>>
>>> grant {
>>> permission jdk.net.NetworkPermission "setOption.SO_FLOW_SLA";
>>> };
>>>
>>> Please confirm the grammar is correct.
>>>
>>> BTW, I also add some missing targets in a nearby permission type.
>>>
>>> Noreg-trivial.
>>>
>>> Thanks
>>> Max
>>>
More information about the security-dev
mailing list