RFR: 8259319: Illegal package access when SunPKCS11 requires SunJCE's classes [v2]

Martin Balao mbalao at openjdk.java.net
Fri Jan 8 21:30:15 UTC 2021


On Thu, 7 Jan 2021 21:23:55 GMT, Sean Mullan <mullan at openjdk.org> wrote:

>> Martin Balao has updated the pull request incrementally with two additional commits since the last revision:
>> 
>>  - Limit P11Util::getProvider privileged access to the required 'accessClassInPackage' RuntimePermission only.
>>  - New line character inserted at the end of IllegalPackageAccess.java test file
>
> src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java line 90:
> 
>> 88:         p = Security.getProvider(providerName);
>> 89:         if (p == null) {
>> 90:             p = AccessController.doPrivileged(
> 
> Could you use the limited version of doPrivileged and only assert the permissions that are strictly necessary to instantiate a provider?

Yes, makes sense. Thanks for your feedback.

-------------

PR: https://git.openjdk.java.net/jdk/pull/1961


More information about the security-dev mailing list