RFR [9] 7067728: Remove stopThread default java.policy

Chris Hegarty chris.hegarty at oracle.com
Thu Jan 14 17:32:09 UTC 2016 

On 14 Jan 2016, at 17:29, Mandy Chung <mandy.chung at oracle.com> wrote:

> 
>> On Jan 14, 2016, at 9:19 AM, Chris Hegarty <chris.hegarty at oracle.com> wrote:
>> 
>>> There are existing tests whose grants this "stopThread” RuntimePermission that may not be needed for the test.  The test policy likely copies that from the default system java.policy.  We should update these test policy as well.
>> 
>> I do see a few of these, and some will need discussion. Ok if I file a separate
>> bug on these, they are not directly related to this change, and do still pass, just
>> that the permission is superfluous.
>> 
> 
> Taking it out from the test policy file should be non-controversial and trivial to verify.  

Right. I was thinking that maybe these tests should be updated to use the new
jtreg machanism, java.security.policy, rather than just removing stopThread? 

> I can see why you prefer to separate the test update from this change and I’m okay.

Thanks. I’ll file a bug on it.

> 
>>>>> I would have expected some tests to need modifying here (or other places!).
>>>> 
>>>> I haven’t seen any test failures resulting from this change ( not sure
>>>> if that is a good or a bad thing! ).  Though, there were several implementation
>>>> bugs that needed to be resolved before being able to remove default grant.
>>> 
>>> jtreg policy tag overrides the system default security policy with the specified file.  Tests that call Thread::stop and tested with security manager must have  "stopThread” RuntimePermission set in the test policy.  jtreg was enhanced to add a new java.security.policy tag to extend the system security policy [1].  
>> 
>> Thanks for this explanation. I always get confused with how jtreg supports
>> this.
>> 
>>> Only tests using java.security.policy tag and calling Thread::stop will need to be modified.
>> 
>> I can find no such tests.
> 
> That matches what I expect since most of the tests using the new java.security.policy tag are related to deprivileging work and new tests only.

Great.

-Chris.

More information about the security-dev mailing list