RFR 8043406: Change default policy for JCE providers to run with as few privileges,as possible
Valerie Peng
valerie.peng at oracle.com
Mon Jul 7 21:14:47 UTC 2014
Updated the webrev to include the updates of test policy files.
Also changed the ProviderConfig class to ignore provider instantiation
failures, so that we don't need to include the entries for crypto
providers in the test policy files when the tests themselves do not
use/depend on functionality from crypto providers.
http://cr.openjdk.java.net/~valeriep/8043406/webrev.02/
Thanks,
Valerie
On 6/26/2014 2:33 PM, Valerie Peng wrote:
>
> Updated the webrev in place (still at webrev.01), now that Mandy has
> putback'ed her fix for the ClassLoader.loadLibrary issue.
>
> Thanks,
> Valerie
>
> On 6/20/2014 3:30 PM, Valerie Peng wrote:
>>
>> Webrev is updated at:
>> http://cr.openjdk.java.net/~valeriep/8043406/webrev.01
>> Sure, I will file a bug after Mandy's confirmation.
>> Thanks,
>> Valerie
>>
>> On 6/20/2014 8:46 AM, Sean Mullan wrote:
>>> 36 // Needed by Runtime.loadLibrary(String) call
>>> 37 permission java.io.FilePermission "<<ALL FILES>>", "read";
>>>
>>> It seems like this is due to a bug in Runtime.loadLibrary, since you
>>> have already granted the provider the permission to load the
>>> library. I think possibly the call to ClassLoader.loadLibrary should
>>> be inside a doPrivileged. The workaround is ok for now, but can you
>>> file a separate bug for this?
>>>
>>> --Sean
>>>
>>> On 06/18/2014 06:51 PM, Valerie Peng wrote:
>>>> Sean,
>>>>
>>>> Not sure if you can get to reviewing this before your vacation.
>>>> If not, I will find someone else to help...
>>>>
>>>> Webrev: http://cr.openjdk.java.net/~valeriep/8043406/webrev.00/
>>>>
>>>> Thanks,
>>>> Valerie
More information about the security-dev
mailing list