# HG changeset patch
# User weijun
# Date 1409042551 -28800
# Node ID 77df35747ce7321c5bca43c7aa129deab0bb1eee
# Parent 0030579ec36172120db634822173dcbfb591946a
8055901: Update policytool for jdk.net.NetworkPermission
Reviewed-by: michaelm
diff -r 0030579ec361 -r 77df35747ce7 jdk/src/java.base/share/classes/java/net/NetPermission.java
--- a/jdk/src/java.base/share/classes/java/net/NetPermission.java Tue Aug 26 15:10:29 2014 +0800
+++ b/jdk/src/java.base/share/classes/java/net/NetPermission.java Tue Aug 26 16:42:31 2014 +0800
@@ -72,10 +72,10 @@
*
*
*
- * | getNetworkInformation |
- * The ability to retrieve all information about local network interfaces. |
- * Malicious code can read information about network hardware such as
- * MAC addresses, which could be used to construct local IPv6 addresses. |
+ * getNetworkInformation |
+ * The ability to retrieve all information about local network interfaces. |
+ * Malicious code can read information about network hardware such as
+ * MAC addresses, which could be used to construct local IPv6 addresses. |
*
*
*
@@ -98,8 +98,8 @@
*
* | requestPasswordAuthentication |
* The ability
- * to ask the authenticator registered with the system for
- * a password |
+ * to ask the authenticator registered with the system for
+ * a password
* Malicious code may steal this password. |
*
*
@@ -116,11 +116,11 @@
*
* | setDefaultAuthenticator |
* The ability to set the
- * way authentication information is retrieved when
- * a proxy or HTTP server asks for authentication |
+ * way authentication information is retrieved when
+ * a proxy or HTTP server asks for authentication
* Malicious
- * code can set an authenticator that monitors and steals user
- * authentication input as it retrieves the input from the user. |
+ * code can set an authenticator that monitors and steals user
+ * authentication input as it retrieves the input from the user.
*
*
*
@@ -143,13 +143,13 @@
*
* | specifyStreamHandler |
* The ability
- * to specify a stream handler when constructing a URL |
+ * to specify a stream handler when constructing a URL
* Malicious code may create a URL with resources that it would
-normally not have access to (like file:/foo/fum/), specifying a
-stream handler that gets the actual bytes from someplace it does
-have access to. Thus it might be able to trick the system into
-creating a ProtectionDomain/CodeSource for a class even though
-that class really didn't come from that location. |
+ * normally not have access to (like file:/foo/fum/), specifying a
+ * stream handler that gets the actual bytes from someplace it does
+ * have access to. Thus it might be able to trick the system into
+ * creating a ProtectionDomain/CodeSource for a class even though
+ * that class really didn't come from that location.
*
*
*
diff -r 0030579ec361 -r 77df35747ce7 jdk/src/jdk.runtime/share/classes/sun/security/tools/policytool/PolicyTool.java
--- a/jdk/src/jdk.runtime/share/classes/sun/security/tools/policytool/PolicyTool.java Tue Aug 26 15:10:29 2014 +0800
+++ b/jdk/src/jdk.runtime/share/classes/sun/security/tools/policytool/PolicyTool.java Tue Aug 26 16:42:31 2014 +0800
@@ -1695,6 +1695,7 @@
PERM_ARRAY.add(new MBeanSvrPerm());
PERM_ARRAY.add(new MBeanTrustPerm());
PERM_ARRAY.add(new NetPerm());
+ PERM_ARRAY.add(new NetworkPerm());
PERM_ARRAY.add(new PrivCredPerm());
PERM_ARRAY.add(new PropPerm());
PERM_ARRAY.add(new ReflectPerm());
@@ -4321,9 +4322,11 @@
super("NetPermission",
"java.net.NetPermission",
new String[] {
+ "allowHttpTrace",
"setDefaultAuthenticator",
"requestPasswordAuthentication",
"specifyStreamHandler",
+ "getNetworkInformation",
"setProxySelector",
"getProxySelector",
"setCookieHandler",
@@ -4335,6 +4338,18 @@
}
}
+class NetworkPerm extends Perm {
+ public NetworkPerm() {
+ super("NetworkPermission",
+ "jdk.net.NetworkPermission",
+ new String[] {
+ "setOption.SO_FLOW_SLA",
+ "getOption.SO_FLOW_SLA"
+ },
+ null);
+ }
+}
+
class PrivCredPerm extends Perm {
public PrivCredPerm() {
super("PrivateCredentialPermission",