--- a/jdk/src/java.base/share/conf/security/policy/README.txt	Thu Aug 31 08:35:16 2017 -0700
+++ b/jdk/src/java.base/share/conf/security/policy/README.txt	Thu Aug 31 12:48:19 2017 -0700
@@ -5,30 +5,50 @@
                                README
 ------------------------------------------------------------------------
 
+Import and export control rules on cryptographic software vary from
+country to country.  The Java Cryptography Extension (JCE) architecture
+allows flexible cryptographic key strength to be configured via the
+jurisdiction policy files which are referenced by the “crypto.policy”
+security property in the <java-home>/conf/security/java.security file.
 
-The JCE architecture allows flexible cryptographic strength to be
-configured via the jurisdiction policy files contained within these
-directories.
+By default, Java provides two different sets of cryptographic policy
+files:
 
-The default JCE policy files bundled in this Java Runtime Environment
-allow for "unlimited" cryptographic strengths.  For convenience,
-this build also contains the historic "limited" strength policy files
-which contain restrictions on cryptographic strengths, but they must be
-specifically activated by updating the "crypto.policy" Security property
-(e.g. <java-home>/conf/security/java.security) to point to the appropriate
-directory.
+    unlimited:  These policy files contain no restrictions on cryptographic
+                strengths or algorithms
+
+    limited:    These policy files contain more restricted cryptographic
+                strengths
+
+These files reside in <java-home>/conf/security/policy in the “unlimited”
+or “limited” subdirectories respectively.
+
+Each subdirectory contains a complete policy configuration,
+and subdirectories can be added/edited/removed to reflect your
+import or export control product requirements.
 
-Each subdirectory contains a complete policy configuration, and additional
-subdirectories can be added/removed to reflect local regulations.
+Within a subdirectory, the effective policy is the combined minimum
+permissions of the grant statements in the file(s) matching the filename
+pattern "default_*.policy".  At least one grant is required.  For example:
+
+    limited   =  Export (all) + Import (limited)  =  Limited
+    unlimited =  Export (all) + Import (all)      =  Unlimited
+
+The effective exemption policy is the combined minimum permissions
+of the grant statements in the file(s) matching the filename pattern
+"exempt_*.policy".  Exemption grants are optional.  For example:
 
-JCE for Java SE has been through the U.S. export review process.  The JCE
-framework, along with the various JCE providers that come standard with it
-(SunJCE, SunEC, SunPKCS11, SunMSCAPI, etc), is exportable from the
-United States.
+    limited   =  grants exemption permissions, by which the
+                 effective policy can be circumvented.
+                 e.g.  KeyRecovery/KeyEscrow/KeyWeakening.
+
+Please see the Java Cryptography Architecture (JCA) documentation for
+additional information on these files and formats.
 
-You are advised to consult your export/import control counsel or attorney
-to determine the exact requirements of your location, and what policy
-settings should be used.
+YOU ARE ADVISED TO CONSULT YOUR EXPORT/IMPORT CONTROL COUNSEL OR ATTORNEY
+TO DETERMINE THE EXACT REQUIREMENTS.
 
-Please see The Java(TM) Cryptography Architecture (JCA) Reference
-Guide and the java.security file for more information.
+Please note that the JCE for Java SE, including the JCE framework,
+cryptographic policy files, and standard JCE providers provided with
+the Java SE, have been reviewed and approved for export as mass market
+encryption item by the US Bureau of Industry and Security.