# HG changeset patch # User mullan # Date 1476718310 0 # Node ID 563c1d911dcba6e4f70cd41e1141334d20e30a7d # Parent c8cfe3a01e7d061689d3d78ada6d9aa089e18eb7 8165712: Grant permission to read specific properties instead of all to the jdk.crypto.ucrypto module Reviewed-by: xuelei diff -r c8cfe3a01e7d -r 563c1d911dcb jdk/src/java.base/solaris/lib/security/default.policy --- a/jdk/src/java.base/solaris/lib/security/default.policy Wed Oct 12 22:44:43 2016 +0530 +++ b/jdk/src/java.base/solaris/lib/security/default.policy Mon Oct 17 15:31:50 2016 +0000 @@ -4,7 +4,10 @@ permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; permission java.lang.RuntimePermission "loadLibrary.j2ucrypto"; // need "com.oracle.security.ucrypto.debug" for debugging - permission java.util.PropertyPermission "*", "read"; + permission java.util.PropertyPermission "com.oracle.security.ucrypto.debug", "read"; + permission java.util.PropertyPermission "file.separator", "read"; + permission java.util.PropertyPermission "java.home", "read"; + permission java.util.PropertyPermission "os.name", "read"; permission java.security.SecurityPermission "putProviderProperty.OracleUcrypto"; permission java.security.SecurityPermission diff -r c8cfe3a01e7d -r 563c1d911dcb jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/UcryptoProvider.java --- a/jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/UcryptoProvider.java Wed Oct 12 22:44:43 2016 +0530 +++ b/jdk/src/jdk.crypto.ucrypto/solaris/classes/com/oracle/security/ucrypto/UcryptoProvider.java Mon Oct 17 15:31:50 2016 +0000 @@ -50,12 +50,13 @@ try { // cannot use LoadLibraryAction because that would make the native // library available to the bootclassloader, but we run in the - // extension classloader. - String osname = System.getProperty("os.name"); - if (osname.startsWith("SunOS")) { - provProp = AccessController.doPrivileged - (new PrivilegedAction>() { - public HashMap run() { + // platform classloader. + provProp = AccessController.doPrivileged + (new PrivilegedAction<>() { + @Override + public HashMap run() { + String osname = System.getProperty("os.name"); + if (osname.startsWith("SunOS")) { try { DEBUG = Boolean.parseBoolean(System.getProperty("com.oracle.security.ucrypto.debug")); String javaHome = System.getProperty("java.home"); @@ -66,14 +67,13 @@ return new HashMap<>(); } catch (Error err) { if (DEBUG) err.printStackTrace(); - return null; } catch (SecurityException se) { if (DEBUG) se.printStackTrace(); - return null; } } - }); - } + return null; + } + }); if (provProp != null) { boolean[] result = loadLibraries(); if (result.length == 2) { diff -r c8cfe3a01e7d -r 563c1d911dcb jdk/test/com/oracle/security/ucrypto/TestAES.java --- a/jdk/test/com/oracle/security/ucrypto/TestAES.java Wed Oct 12 22:44:43 2016 +0530 +++ b/jdk/test/com/oracle/security/ucrypto/TestAES.java Mon Oct 17 15:31:50 2016 +0000 @@ -1,5 +1,5 @@ /* - * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -23,9 +23,11 @@ /* * @test - * @bug 7088989 8014374 + * @bug 7088989 8014374 8167512 * @summary Ensure the AES ciphers of OracleUcrypto provider works correctly * @key randomness + * @run main TestAES + * @run main/othervm/java.security.policy==empty.policy TestAES */ import java.io.*; diff -r c8cfe3a01e7d -r 563c1d911dcb jdk/test/com/oracle/security/ucrypto/empty.policy