RFR: 8259319: Illegal package access when SunPKCS11 requires SunJCE's classes
Sean Mullan
mullan at openjdk.java.net
Thu Jan 7 21:26:55 UTC 2021
On Wed, 6 Jan 2021 15:33:59 GMT, Martin Balao <mbalao at openjdk.org> wrote:
> As described in JDK-8259319 [1], this fix proposal is to set proper access permissions so the SunPKCS11 provider can create instances of SunJCE classes when a Security Manager is installed and the fallback scheme is used.
>
> No regressions found in jdk/sun/security/pkcs11 tests category.
>
> --
> [1] - https://bugs.openjdk.java.net/browse/JDK-8259319
src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java line 90:
> 88: p = Security.getProvider(providerName);
> 89: if (p == null) {
> 90: p = AccessController.doPrivileged(
Could you use the limited version of doPrivileged and only assert the permissions that are strictly necessary to instantiate a provider?
-------------
PR: https://git.openjdk.java.net/jdk/pull/1961
More information about the security-dev
mailing list