RFR 8043406: Change default policy for JCE providers to run with as few privileges,as possible

[Sean Mullan]

Looks good, although do you know why you were able to remove the grant 
AllPermission from so many of the test policy files without granting 
additional specific permissions?

--Sean

On 07/07/2014 05:14 PM, Valerie Peng wrote:
>
> Updated the webrev to include the updates of test policy files.
> Also changed the ProviderConfig class to ignore provider instantiation
> failures, so that we don't need to include the entries for crypto
> providers in the test policy files when the tests themselves do not
> use/depend on functionality from crypto providers.
>
> http://cr.openjdk.java.net/~valeriep/8043406/webrev.02/
>
> Thanks,
> Valerie
>
> On 6/26/2014 2:33 PM, Valerie Peng wrote:
>>
>> Updated the webrev in place (still at webrev.01), now that Mandy has
>> putback'ed her fix for the ClassLoader.loadLibrary issue.
>>
>> Thanks,
>> Valerie
>>
>> On 6/20/2014 3:30 PM, Valerie Peng wrote:
>>>
>>> Webrev is updated at:
>>> http://cr.openjdk.java.net/~valeriep/8043406/webrev.01
>>> Sure, I will file a bug after Mandy's confirmation.
>>> Thanks,
>>> Valerie
>>>
>>> On 6/20/2014 8:46 AM, Sean Mullan wrote:
>>>>   36         // Needed by Runtime.loadLibrary(String) call
>>>>   37         permission java.io.FilePermission "<<ALL FILES>>", "read";
>>>>
>>>> It seems like this is due to a bug in Runtime.loadLibrary, since you
>>>> have already granted the provider the permission to load the
>>>> library. I think possibly the call to ClassLoader.loadLibrary should
>>>> be inside a doPrivileged. The workaround is ok for now, but can you
>>>> file a separate bug for this?
>>>>
>>>> --Sean
>>>>
>>>> On 06/18/2014 06:51 PM, Valerie Peng wrote:
>>>>> Sean,
>>>>>
>>>>> Not sure if you can get to reviewing this before your vacation.
>>>>> If not, I will find someone else to help...
>>>>>
>>>>> Webrev: http://cr.openjdk.java.net/~valeriep/8043406/webrev.00/
>>>>>
>>>>> Thanks,
>>>>> Valerie