RFR 8043406: Change default policy for JCE providers to run with as few privileges as possible

Valerie Peng valerie.peng at oracle.com
Tue Jul 8 18:26:09 UTC 2014


When looking through the code and running regression tests as well as 
some of my own sample programs, SunPKCS11 needs permission to access 
the "sun.security.pkcs11.allowSingleThreadedModules" property.

As for other providers, they seem fine without the PropertyPermission. 
But the required permissions depend on the code path at runtime, so it's 
hard to tell 100%.

Since the default permission set contains a bunch of PropertyPermissions, it 
seems reasonable to grant a "*" PropertyPermission to crypto providers 
by default (in case future enhancements/fixes contain code which needs 
them). Besides, other jars under the extension directory (e.g. zipfs.jar, 
cldrdata.jar) do so too.

Regards,
Valerie
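As an added illustration (not part of this RFR, the webrev, or the JDK sources), the following program compares the two grant shapes under discussion, the wildcard `PropertyPermission "*", "read"` and a grant limited to the one property SunPKCS11 was observed to read, using the same `implies` check the policy engine applies. The `codeBase` paths in the comment and the `user.home` comparison property are assumptions chosen for the example; `sun.security.pkcs11.allowSingleThreadedModules` is the property named in the mail above.

```java
import java.security.Permission;
import java.security.PermissionCollection;
import java.security.Permissions;
import java.util.PropertyPermission;

/*
 * Added example, not code from the RFR. The two policy grant blocks it
 * models (codeBase paths are assumed, not taken from the webrev):
 *
 * Wildcard grant as proposed for every provider jar:
 *   grant codeBase "file:${java.home}/lib/ext/sunpkcs11.jar" {
 *       permission java.util.PropertyPermission "*", "read";
 *   };
 *
 * Narrow grant covering only the property SunPKCS11 is known to read:
 *   grant codeBase "file:${java.home}/lib/ext/sunpkcs11.jar" {
 *       permission java.util.PropertyPermission
 *           "sun.security.pkcs11.allowSingleThreadedModules", "read";
 *   };
 */
public class ProviderPropertyGrants {

    /** Builds the PermissionCollection a policy grant block would produce. */
    static PermissionCollection grant(Permission... perms) {
        Permissions pc = new Permissions();
        for (Permission p : perms) {
            pc.add(p);
        }
        pc.setReadOnly();
        return pc;
    }

    static final PermissionCollection WILDCARD =
        grant(new PropertyPermission("*", "read"));

    static final PermissionCollection NARROW =
        grant(new PropertyPermission(
            "sun.security.pkcs11.allowSingleThreadedModules", "read"));

    /** True if the grant lets code read the named system property. */
    static boolean canRead(PermissionCollection grant, String property) {
        return grant.implies(new PropertyPermission(property, "read"));
    }

    /** True if the grant lets code write the named system property. */
    static boolean canWrite(PermissionCollection grant, String property) {
        return grant.implies(new PropertyPermission(property, "write"));
    }

    public static void main(String[] args) {
        // The property the mail reports SunPKCS11 actually needs.
        String needed = "sun.security.pkcs11.allowSingleThreadedModules";
        // An assumed, unrelated property a provider has no reason to read.
        String unrelated = "user.home";

        System.out.println("wildcard reads needed:    " + canRead(WILDCARD, needed));
        System.out.println("wildcard reads unrelated: " + canRead(WILDCARD, unrelated));
        System.out.println("narrow reads needed:      " + canRead(NARROW, needed));
        System.out.println("narrow reads unrelated:   " + canRead(NARROW, unrelated));
        // Actions are checked separately from the name: a "*" name with
        // the "read" action still does not grant "write".
        System.out.println("wildcard writes needed:   " + canWrite(WILDCARD, needed));
    }
}
```

The check runs without a SecurityManager, so it works on any JDK and isolates the policy semantics from the runtime enforcement: the wildcard grant satisfies every read, while the narrow grant satisfies only the property the provider was observed to use, which is the trade-off between the least-privilege goal in the RFR title and the forward compatibility Valerie argues for.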

On 7/7/2014 7:25 PM, Wang Weijun wrote:
> Hi Valerie
>
> I didn't read your previous webrevs, but why is "permission java.util.PropertyPermission "*", "read";" needed by every provider? I go to sun/ec, sun/pkcs11, com/sun/crypto and find no special System.getProperty() calls there.
>
> Thanks
> Max
>
>
> On Jul 8, 2014, at 5:14, Valerie Peng <valerie.peng at oracle.com> wrote:
>
>> Updated the webrev to include the updates of test policy files.
>> Also changed the ProviderConfig class to ignore provider instantiation failures, so that we don't need to include the entries for crypto providers in the test policy files when the tests themselves do not use/depend on functionality from crypto providers.
>>
>> http://cr.openjdk.java.net/~valeriep/8043406/webrev.02/
>>
>> Thanks,
>> Valerie
