RFR: (XS) 8162916: Test sun/security/krb5/auto/UnboundSSL.java fails

Artem Smotrakov artem.smotrakov at oracle.com
Wed Aug 17 17:10:41 UTC 2016


Hi Sean,

If I remember correctly, there is no ext directory in JDK 9 any more.

I don't see in the jtr file that the "java.ext.dirs" system property is passed 
to the test. If I understand correctly, "file:${{java.ext.dirs}}/*" 
becomes "file:/*", which seems to grant all permissions to all the code. 
It doesn't look correct for this test.

It looks like the test overrides the default policy, please see in the jtr file:

-Djava.security.policy==/export/home/gtee/scripts/Results/workDir/scratch_2/unbound.ssl.policy_new 
\\

If I recall correctly, there should be a way to specify a policy file in 
@run without overriding the default one. Maybe it is "@run 
main/othervm/java.security.policy=unbound.ssl.policy_new"

Artem


On 08/17/2016 09:53 AM, Seán Coffey wrote:
> A recently added test case lacks sufficient permissions to read a conf 
> file when running with security manager.
>
> bug report : https://bugs.openjdk.java.net/browse/JDK-8162916
>
> proposed patch :
>  diff --git a/test/sun/security/krb5/auto/unbound.ssl.policy 
> b/test/sun/security/krb5/auto/unbound.ssl.policy
> --- a/test/sun/security/krb5/auto/unbound.ssl.policy
> +++ b/test/sun/security/krb5/auto/unbound.ssl.policy
> @@ -1,7 +1,13 @@
> +// Standard extensions get all permissions by default
> +
> +grant codeBase "file:${{java.ext.dirs}}/*" {
> +        permission java.security.AllPermission;
> +};
> +
>  grant {
>      permission java.util.PropertyPermission "*", "read,write";
>      permission java.net.SocketPermission "*:*", 
> "listen,resolve,accept,connect";
> -    permission java.io.FilePermission "*", "read,write,delete";
> +    permission java.io.FilePermission "<<ALL FILES>>", 
> "read,write,delete";
>      permission java.lang.RuntimePermission "accessDeclaredMembers";
>      permission java.lang.reflect.ReflectPermission 
> "suppressAccessChecks";
>      permission java.lang.RuntimePermission "accessClassInPackage.*";
>
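
Review bot: The added grant codeBase "file:${{java.ext.dirs}}/*" block at the top of the hunk gives java.security.AllPermission to whatever that codeBase resolves to, so its scope depends entirely on the value of java.ext.dirs in the test JVM, and nothing in the patch shows that the property is set for this test. Please confirm what the codeBase expands to when the test runs, or drop the block if the test passes without it. Separately, the FilePermission line changes the target from "*" to "<<ALL FILES>>" but keeps "read,write,delete", while the stated failure is only about reading a conf file; a read-only FilePermission on that file's path would address the failure without granting write and delete on every file.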



