8168078: Remove permission to read all system properties granted to the jdk.crypto.ec module
Reviewed-by: vinnie, xuelei
--- a/jdk/src/java.base/share/lib/security/default.policy Mon Oct 17 17:07:55 2016 -0700
+++ b/jdk/src/java.base/share/lib/security/default.policy Tue Oct 18 09:18:56 2016 -0400
@@ -103,7 +103,6 @@
permission java.lang.RuntimePermission
"accessClassInPackage.sun.security.*";
permission java.lang.RuntimePermission "loadLibrary.sunec";
- permission java.util.PropertyPermission "*", "read";
permission java.security.SecurityPermission "putProviderProperty.SunEC";
permission java.security.SecurityPermission "clearProviderProperties.SunEC";
permission java.security.SecurityPermission "removeProviderProperty.SunEC";
--- a/jdk/test/sun/security/ec/TestEC.java Mon Oct 17 17:07:55 2016 -0700
+++ b/jdk/test/sun/security/ec/TestEC.java Tue Oct 18 09:18:56 2016 -0400
@@ -28,7 +28,7 @@
/**
* @test
- * @bug 6840752
+ * @bug 6840752 8168078
* @summary Provide out-of-the-box support for ECC algorithms
* @library ../pkcs11
* @library ../pkcs11/ec
@@ -37,6 +37,7 @@
* @modules jdk.crypto.pkcs11/sun.security.pkcs11.wrapper
* @compile -XDignore.symbol.file TestEC.java
* @run main/othervm -Djdk.tls.namedGroups="secp256r1,sect193r1" TestEC
+ * @run main/othervm/java.security.policy=TestEC.policy -Djdk.tls.namedGroups="secp256r1,sect193r1" TestEC
*/
import java.security.NoSuchProviderException;
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/ec/TestEC.policy Tue Oct 18 09:18:56 2016 -0400
@@ -0,0 +1,3 @@
+grant codebase "file:${test.classes}/*" {
+ permission java.security.AllPermission;
+};
--- a/jdk/test/sun/security/pkcs11/PKCS11Test.java Mon Oct 17 17:07:55 2016 -0700
+++ b/jdk/test/sun/security/pkcs11/PKCS11Test.java Tue Oct 18 09:18:56 2016 -0400
@@ -47,6 +47,7 @@
import java.util.List;
import java.util.Map;
import java.util.Properties;
+import java.util.ServiceConfigurationError;
import java.util.ServiceLoader;
import java.util.Set;
@@ -112,7 +113,7 @@
found = true;
break;
}
- } catch (Exception e) {
+ } catch (Exception | ServiceConfigurationError e) {
// ignore and move on to the next one
}
}