RFR: 8055206: Update SecurityManager::checkPackageAccess to restrict non-exported JDK packages by default

Sean Mullan sean.mullan at oracle.com
Mon Jan 9 19:25:02 UTC 2017


Please review this JDK 9 change to make the 
SecurityManager::checkPackageAccess and checkPackageDefinition 
implementations restrict access to the same set of internal JDK packages 
as the module system.

This overall change will improve security by making these two mechanisms 
consistent and reduce the amount of work needed to maintain the 
package.access and package.definition security properties going forward.

JBS issue: https://bugs.openjdk.java.net/browse/JDK-8055206
JDK webrev: 
http://cr.openjdk.java.net/~mullan/webrevs/8055206/jdk/webrev.00/
JAXP webrev: 
http://cr.openjdk.java.net/~mullan/webrevs/8055206/jaxp/webrev.00/

The JBS bug has more details, but the fix consists of essentially 3 main 
parts:

1. Remove most packages from the package.{access,definition} security 
properties

2. Changes to the SecurityManager::checkPackage{Access,Definition} APIs 
to allow an implementation to restrict a default set of packages (in 
addition to those listed in the package.{access,definition} properties)

3. Changes to the default 
SecurityManager::checkPackage{Access,Definition} implementation to use 
Module APIs to compute the list of non-exported packages loaded by the 
platform class loader or its ancestors.

Several tests also had to be modified to be granted additional 
permission(s) to access the newly restricted packages under a 
SecurityManager. JAXP also needed a change to grant additional 
permissions to access internal packages that are exported to the modules 
that are dynamically created for use with XSLT.

Thanks,
Sean


More information about the security-dev mailing list