RFR 8043406: Change default policy for JCE providers to run with as few privileges,as possible

Valerie Peng valerie.peng at oracle.com
Fri Jun 20 22:30:44 UTC 2014

Webrev is updated at: http://cr.openjdk.java.net/~valeriep/8043406/webrev.01
Sure, I will file a bug after Mandy's confirmation.

On 6/20/2014 8:46 AM, Sean Mullan wrote:
>   36         // Needed by Runtime.loadLibrary(String) call
>   37         permission java.io.FilePermission "<<ALL FILES>>", "read";
> It seems like this is due to a bug in Runtime.loadLibrary, since you 
> have already granted the provider the permission to load the library. 
> I think possibly the call to ClassLoader.loadLibrary should be inside 
> a doPrivileged. The workaround is ok for now, but can you file a 
> separate bug for this?
> --Sean
> On 06/18/2014 06:51 PM, Valerie Peng wrote:
>> Sean,
>> Not sure if you can get to reviewing this before your vacation.
>> If not, I will find someone else to help...
>> Webrev: http://cr.openjdk.java.net/~valeriep/8043406/webrev.00/
>> Thanks,
>> Valerie

More information about the security-dev mailing list