RFR [9] 7067728: Remove stopThread default java.policy
Mandy Chung
mandy.chung at oracle.com
Thu Jan 14 16:52:54 UTC 2016
> On Jan 14, 2016, at 2:05 AM, Chris Hegarty <chris.hegarty at oracle.com> wrote:
>
> The "stopThread” RuntimePermission is granted by default. The Thread.stop
> methods have been deprecated for more than 15 years. It seems reasonable,
> in a major release, to remove the default grant of stopThread.
+1 to remove "stopThread” RuntimePermission from java.policy.
There are existing tests whose grants this "stopThread” RuntimePermission that may not be needed for the test. The test policy likely copies that from the default system java.policy. We should update these test policy as well.
>>
>> I would have expected some tests to need modifying here (or other places!).
>
> I haven’t seen any test failures resulting from this change ( not sure
> if that is a good or a bad thing! ). Though, there were several implementation
> bugs that needed to be resolved before being able to remove default grant.
jtreg policy tag overrides the system default security policy with the specified file. Tests that call Thread::stop and tested with security manager must have "stopThread” RuntimePermission set in the test policy. jtreg was enhanced to add a new java.security.policy tag to extend the system security policy [1]. Only tests using java.security.policy tag and calling Thread::stop will need to be modified.
Mandy
[1] https://bugs.openjdk.java.net/browse/CODETOOLS-7900898
More information about the security-dev
mailing list