[9] RFR 8159488 "Deprivilege java.xml.crypto" and 8161171 "Missed the make/common/Modules.gmk file when integrating JDK-8154191"

Valerie Peng valerie.peng at oracle.com
Fri Jul 22 22:19:38 UTC 2016 

I added a new test covering the basics of getInstance() methods.

Webrev updated: http://cr.openjdk.java.net/~valeriep/8159488/webrev.02

If you have a particular scenario that you want me to cover, please let 
me know.
Thanks,
Valerie

On 7/21/2016 12:55 PM, Valerie Peng wrote:
>
> Existing regression tests for the java.xml.crypto do test the 
> getInstance() methods as I observed during my own testing.
>
> Maybe not all of them are covered though. I will double check and add 
> test if necessary...
>
> Thanks,
>
> Valerie
>
>
> On 7/21/2016 12:08 PM, Sean Mullan wrote:
>> On 07/20/2016 07:57 PM, Valerie Peng wrote:
>>> Sean,
>>>
>>> I have updated webrev to rid the dependency on sun.security.jca
>>> packages. Also, I found one additional SecurityPermission is needed.
>>>
>>> Please find the updated webrev at:
>>> http://cr.openjdk.java.net/~valeriep/8159488/webrev.01/
>>>
>>>
>>> So, we should close JDK-8161710 as a duplicate of JDK-8159488 then?
>>
>> Yes. The fix looks good. Could you write a simple test which calls 
>> the getInstance methods with good/bogus algs and providers just to 
>> make sure they all work as expected? There don't seem to be any 
>> regression tests for that.
>>
>> Thanks,
>> Sean
>>
>>>
>>> Thanks,
>>> Valerie
>>>
>>> On 7/19/2016 11:57 AM, Sean Mullan wrote:
>>>> On 07/18/2016 05:38 PM, Valerie Peng wrote:
>>>>> Hi Sean,
>>>>>
>>>>> I found these two classes in java.xml.crypto module reading local 
>>>>> files:
>>>>> src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/keys/storage/implementations/CertsInFilesystemDirectoryResolver.java 
>>>>>
>>>>>
>>>>>
>>>>> src/java.xml.crypto/share/classes/com/sun/org/apache/xml/internal/security/utils/JavaUtils.java 
>>>>>
>>>>>
>>>>
>>>> I think we should leave it out. The methods that need that permission
>>>> are in non-exported packages and are essentially unused.
>>>>
>>>> Also, you may have noticed, but I just filed
>>>> https://bugs.openjdk.java.net/browse/JDK-8161710. Fixing this would
>>>> allow us to remove this permission:
>>>>
>>>>   permission java.lang.RuntimePermission
>>>> "accessClassInPackage.sun.security.jca.*";
>>>>
>>>> I'm not sure if you have the time to tackle that as part of this
>>>> issue, but I think it would be acceptable to fix them together as part
>>>> of this issue if so.
>>>>
>>>> --Sean
>>>>
>>>>>
>>>>>
>>>>>
>>>>> If you think the File reading permission is not needed for
>>>>> java.xml.crypto module, I will remove the corresponding permission
>>>>> entry.
>>>>> Thanks,
>>>>> Valerie
>>>>>
>>>>> On 7/18/2016 12:48 PM, Sean Mullan wrote:
>>>>>> On 07/13/2016 08:10 PM, Valerie Peng wrote:
>>>>>>> Sean,
>>>>>>>
>>>>>>> Can you please review the following two webrevs?
>>>>>>>
>>>>>>> Bug: https://bugs.openjdk.java.net/browse/JDK-8159488
>>>>>>> Webrev: http://cr.openjdk.java.net/~valeriep/8159488/
>>>>>>
>>>>>> Looks good except for this one:
>>>>>>
>>>>>>  127         // needed for reading Certs
>>>>>>  128         permission java.io.FilePermission "<<ALL 
>>>>>> FILES>>","read";
>>>>>>
>>>>>> Why is that needed?
>>>>>>
>>>>>>>
>>>>>>> While making changes for 8159488, I noticed a problem with my 
>>>>>>> earlier
>>>>>>> putback of 8154191 - the top level Modules.gmk was not integrated.
>>>>>>> So, I filed 8161171: Missed the make/common/Modules.gmk file when
>>>>>>> integrating JDK-8154191.
>>>>>>> Can you also review this? It's essentially the same change as 
>>>>>>> the one
>>>>>>> reviewed.
>>>>>>>
>>>>>>> Bug: https://bugs.openjdk.java.net/browse/JDK-8161171
>>>>>>> Webrev: http://cr.openjdk.java.net/~valeriep/8161171/webrev.00/
>>>>>>
>>>>>> I'll skip this since Mandy already reviewed that one.
>>>>>>
>>>>>> --Sean
>>>>>
>>>
>

More information about the security-dev mailing list