Review request: include US_export_policy.jar and local_policy.jar

[Vincent Ryan]

This change is good as an interim measure. Signed modules are now
supported so we will migrate these policy files over the next
few weeks.


On 27/05/2010 20:42, Sean Mullan wrote:
> The Makefile changes look ok to me. Vinnie is starting to work on fixing
> this with signed modules, so you may want to see if he has any comments
> before pushing.
>
> --Sean
>
> On 5/27/10 1:28 PM, Mandy Chung wrote:
>> Webrev at:
>> http://cr.openjdk.java.net/~mchung/jigsaw/export-policy-jars/
>>
>> The current JCE implementation checks the existence of
>> US_export_policy.jar and local_policy.jar and throws exception if not
>> exist. A number of security jtreg tests failed due to such failure.
>>
>> This fix will copy US_export_policy.jar and local_policy.jar in the
>> module-image as a short term solution so as to allows more tests to run
>> to verify the module-image. When signed modules are fully supported,
>> US_export_policy and local_policy will be converted to signed modules to
>> replace these jars in the module-image.
>>
>> Comparing the number of jdk_security3 failures:
>> Before the fix: TEST STATS: run=363 pass=226 fail=137 excluded=26
>> After the fix: TEST STATS: run=363 pass=349 fail=14 excluded=26
>>
>> Without these 2 policy jars, the exception looks like this:
>>
>> Caused by: java.lang.SecurityException: Can not initialize cryptographic
>> mechanism
>> at javax.crypto.JceSecurity.<clinit>(JceSecurity.java:86)
>> ... 38 more
>> Caused by: java.lang.SecurityException: Cannot locate policy or
>> framework files!
>> at
>> javax.crypto.JceSecurity.setupJurisdictionPolicies(JceSecurity.java:254)
>> at javax.crypto.JceSecurity.access$000(JceSecurity.java:48)
>> at javax.crypto.JceSecurity$1.run(JceSecurity.java:78)
>> at java.security.AccessController.doPrivileged(Native Method)
>> at javax.crypto.JceSecurity.<clinit>(JceSecurity.java:76)
>>
>> Thanks
>> Mandy