8043406: Change default policy for JCE providers to run with as few privileges as possible
Summary: Provide default permissions for crypto providers
Reviewed-by: mullan, vinnie
--- a/jdk/src/share/classes/sun/security/jca/ProviderConfig.java Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/src/share/classes/sun/security/jca/ProviderConfig.java Thu Jul 10 22:44:58 2014 +0000
@@ -255,6 +255,14 @@
disableLoad();
}
return null;
+ } catch (ExceptionInInitializerError err) {
+ // no sufficient permission to initialize provider class
+ if (debug != null) {
+ debug.println("Error loading provider " + ProviderConfig.this);
+ err.printStackTrace();
+ }
+ disableLoad();
+ return null;
}
}
});
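Review bot: The new `catch (ExceptionInInitializerError err)` assumes the failure is a missing permission, but this error wraps whatever the provider's static initializer threw, so an unrelated initialization bug also ends in `disableLoad()` and, when `debug` is null, leaves no trace at all. The comment would be more accurate as `// provider class failed static initialization, e.g. for lack of permission`, and the debug output should name `err.getCause()` so a denied permission can be identified. `err.printStackTrace()` also writes to the standard error stream rather than through `debug`, unlike the `debug.println` on the line before it. The enclosing method starts outside this hunk, so how the other catch clauses report is not visible here.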
--- a/jdk/src/share/lib/security/java.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/src/share/lib/security/java.policy Thu Jul 10 22:44:58 2014 +0000
@@ -26,15 +26,36 @@
};
grant codeBase "file:${java.home}/lib/ext/sunec.jar" {
- permission java.security.AllPermission;
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
+ permission java.lang.RuntimePermission "loadLibrary.sunec";
+ permission java.util.PropertyPermission "*", "read";
+ permission java.security.SecurityPermission "putProviderProperty.SunEC";
+ permission java.security.SecurityPermission "clearProviderProperties.SunEC";
+ permission java.security.SecurityPermission "removeProviderProperty.SunEC";
};
grant codeBase "file:${java.home}/lib/ext/sunjce_provider.jar" {
- permission java.security.AllPermission;
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
+ permission java.util.PropertyPermission "*", "read";
+ permission java.security.SecurityPermission "putProviderProperty.SunJCE";
+ permission java.security.SecurityPermission "clearProviderProperties.SunJCE";
+ permission java.security.SecurityPermission "removeProviderProperty.SunJCE";
};
grant codeBase "file:${java.home}/lib/ext/sunpkcs11.jar" {
- permission java.security.AllPermission;
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
+ permission java.lang.RuntimePermission "loadLibrary.j2pkcs11";
+ // needs "security.pkcs11.allowSingleThreadedModules"
+ permission java.util.PropertyPermission "*", "read";
+ permission java.security.SecurityPermission "putProviderProperty.*";
+ permission java.security.SecurityPermission "clearProviderProperties.*";
+ permission java.security.SecurityPermission "removeProviderProperty.*";
+ permission java.security.SecurityPermission "getProperty.auth.login.defaultCallbackHandler";
+ permission java.security.SecurityPermission "authProvider.*";
+ // Needed for reading PKCS11 config file and NSS library check
+ permission java.io.FilePermission "<<ALL FILES>>", "read";
};
// default permissions granted to all domains
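Review bot: The sunpkcs11.jar grant keeps `java.io.FilePermission "<<ALL FILES>>", "read"` and wildcard `putProviderProperty.*`, `clearProviderProperties.*`, `removeProviderProperty.*` and `authProvider.*` targets, which is much wider than the per-provider names given to SunEC and SunJCE in the same hunk. The comments should say why these cannot be narrowed, presumably because the configuration file path and the provider name suffix are chosen per deployment, for example `// config path and provider name are deployment-specific, so they cannot be enumerated here`. The comment `// needs "security.pkcs11.allowSingleThreadedModules"` sits above `PropertyPermission "*", "read"`; if that is the only property required, the grant could name it instead of `*`. All three provider grants in this hunk allow reading every system property, which deserves the same justification or narrowing.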
--- a/jdk/src/windows/lib/security/java.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/src/windows/lib/security/java.policy Thu Jul 10 22:44:58 2014 +0000
@@ -1,3 +1,8 @@
grant codeBase "file:${java.home}/lib/ext/sunmscapi.jar" {
- permission java.security.AllPermission;
-};
+ Permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
+ permission java.lang.RuntimePermission "loadLibrary.sunmscapi";
+ permission java.util.PropertyPermission "*", "read";
+ permission java.security.SecurityPermission "putProviderProperty.SunMSCAPI";
+ permission java.security.SecurityPermission "clearProviderProperties.SunMSCAPI";
+ permission java.security.SecurityPermission "removeProviderProperty.SunMSCAPI";
+}
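Review bot: The rewritten sunmscapi.jar grant closes with `}` where the removed entry closed with `};`, and every other grant entry in this commit keeps the `;`. The policy file grammar expects the semicolon after each grant entry, so this file will likely fail to parse and the SunMSCAPI permissions would then not be applied; the last added line should be `};`. The first permission line is also written `Permission` with a capital P, unlike every other entry, and the same spelling is repeated in the sunmscapi.jar grants added to test/java/net/URLPermission/policy.1, policy.2 and policy.3. It should read `permission` for consistency.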
--- a/jdk/test/java/io/Serializable/subclassGC/security.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/io/Serializable/subclassGC/security.policy Thu Jul 10 22:44:58 2014 +0000
@@ -1,6 +1,3 @@
-grant codeBase "file:${{java.ext.dirs}}/*" {
- permission java.security.AllPermission;
-};
grant {
permission java.lang.RuntimePermission "createClassLoader";
--- a/jdk/test/java/lang/System/System.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/lang/System/System.policy Thu Jul 10 22:44:58 2014 +0000
@@ -1,10 +1,5 @@
//
// Used by SecurityRace.java
-// Standard extensions get all permissions by default
-
-grant codeBase "file:${{java.ext.dirs}}/*" {
- permission java.security.AllPermission;
-};
// default permissions granted to all domains
--- a/jdk/test/java/net/URLPermission/policy.1 Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/net/URLPermission/policy.1 Thu Jul 10 22:44:58 2014 +0000
@@ -37,9 +37,56 @@
};
// Normal permissions that aren't granted when run under jtreg
+grant codeBase "file:${java.home}/lib/ext/ucrypto.jar" {
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
+ permission java.lang.RuntimePermission "loadLibrary.j2ucrypto";
+ permission java.util.PropertyPermission "*", "read";
+ permission java.security.SecurityPermission "putProviderProperty.OracleUcrypto";
+ permission java.security.SecurityPermission "clearProviderProperties.OracleUcrypto";
+ permission java.security.SecurityPermission "removeProviderProperty.OracleUcrypto";
+ permission java.io.FilePermission "${java.home}/lib/security/ucrypto-solaris.cfg", "read";
+};
-grant codeBase "file:${{java.ext.dirs}}/*" {
- permission java.security.AllPermission;
+grant codeBase "file:${java.home}/lib/ext/sunec.jar" {
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
+ permission java.lang.RuntimePermission "loadLibrary.sunec";
+ permission java.util.PropertyPermission "*", "read";
+ permission java.security.SecurityPermission "putProviderProperty.SunEC";
+ permission java.security.SecurityPermission "clearProviderProperties.SunEC";
+ permission java.security.SecurityPermission "removeProviderProperty.SunEC";
+};
+
+grant codeBase "file:${java.home}/lib/ext/sunjce_provider.jar" {
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
+ permission java.util.PropertyPermission "*", "read";
+ permission java.security.SecurityPermission "putProviderProperty.SunJCE";
+ permission java.security.SecurityPermission "clearProviderProperties.SunJCE";
+ permission java.security.SecurityPermission "removeProviderProperty.SunJCE";
+};
+
+grant codeBase "file:${java.home}/lib/ext/sunpkcs11.jar" {
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
+ permission java.lang.RuntimePermission "loadLibrary.j2pkcs11";
+ permission java.util.PropertyPermission "*", "read";
+ permission java.security.SecurityPermission "putProviderProperty.*";
+ permission java.security.SecurityPermission "clearProviderProperties.*";
+ permission java.security.SecurityPermission "removeProviderProperty.*";
+ permission java.security.SecurityPermission "getProperty.auth.login.defaultCallbackHandler";
+ permission java.security.SecurityPermission "authProvider.*";
+ // Needed for reading PKCS11 config file and NSS library check
+ permission java.io.FilePermission "<<ALL FILES>>", "read";
+};
+
+grant codeBase "file:${java.home}/lib/ext/sunmscapi.jar" {
+ Permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
+ permission java.lang.RuntimePermission "loadLibrary.sunmscapi";
+ permission java.util.PropertyPermission "*", "read";
+ permission java.security.SecurityPermission "putProviderProperty.SunMSCAPI";
+ permission java.security.SecurityPermission "clearProviderProperties.SunMSCAPI";
+ permission java.security.SecurityPermission "removeProviderProperty.SunMSCAPI";
};
grant codeBase "file:${{java.home}}/jre/lib/rt.jar" {
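Review bot: The five provider grants added here duplicate the ones this commit adds to the default java.policy files, and the same block is pasted into policy.2 and policy.3, with nothing to show the copies must track the default policy. A comment above the block such as `// Copied from lib/security/java.policy; keep in sync with the default JCE provider grants` would make that dependency visible. The copy has already diverged: it omits the `// needs "security.pkcs11.allowSingleThreadedModules"` comment that the default sunpkcs11.jar grant carries. It also brings `java.io.FilePermission "<<ALL FILES>>", "read"` into a URLPermission test policy, which is worth a line explaining whether the test needs the PKCS11 provider at all.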
--- a/jdk/test/java/net/URLPermission/policy.2 Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/net/URLPermission/policy.2 Thu Jul 10 22:44:58 2014 +0000
@@ -36,8 +36,57 @@
permission "java.lang.RuntimePermission" "setFactory";
};
-grant codeBase "file:${{java.ext.dirs}}/*" {
- permission java.security.AllPermission;
+// Normal permissions that aren't granted when run under jtreg
+grant codeBase "file:${java.home}/lib/ext/ucrypto.jar" {
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
+ permission java.lang.RuntimePermission "loadLibrary.j2ucrypto";
+ permission java.util.PropertyPermission "*", "read";
+ permission java.security.SecurityPermission "putProviderProperty.OracleUcrypto";
+ permission java.security.SecurityPermission "clearProviderProperties.OracleUcrypto";
+ permission java.security.SecurityPermission "removeProviderProperty.OracleUcrypto";
+ permission java.io.FilePermission "${java.home}/lib/security/ucrypto-solaris.cfg", "read";
+};
+
+grant codeBase "file:${java.home}/lib/ext/sunec.jar" {
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
+ permission java.lang.RuntimePermission "loadLibrary.sunec";
+ permission java.util.PropertyPermission "*", "read";
+ permission java.security.SecurityPermission "putProviderProperty.SunEC";
+ permission java.security.SecurityPermission "clearProviderProperties.SunEC";
+ permission java.security.SecurityPermission "removeProviderProperty.SunEC";
+};
+
+grant codeBase "file:${java.home}/lib/ext/sunjce_provider.jar" {
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
+ permission java.util.PropertyPermission "*", "read";
+ permission java.security.SecurityPermission "putProviderProperty.SunJCE";
+ permission java.security.SecurityPermission "clearProviderProperties.SunJCE";
+ permission java.security.SecurityPermission "removeProviderProperty.SunJCE";
+};
+
+grant codeBase "file:${java.home}/lib/ext/sunpkcs11.jar" {
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
+ permission java.lang.RuntimePermission "loadLibrary.j2pkcs11";
+ permission java.util.PropertyPermission "*", "read";
+ permission java.security.SecurityPermission "putProviderProperty.*";
+ permission java.security.SecurityPermission "clearProviderProperties.*";
+ permission java.security.SecurityPermission "removeProviderProperty.*";
+ permission java.security.SecurityPermission "getProperty.auth.login.defaultCallbackHandler";
+ permission java.security.SecurityPermission "authProvider.*";
+ // Needed for reading PKCS11 config file and NSS library check
+ permission java.io.FilePermission "<<ALL FILES>>", "read";
+};
+
+grant codeBase "file:${java.home}/lib/ext/sunmscapi.jar" {
+ Permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
+ permission java.lang.RuntimePermission "loadLibrary.sunmscapi";
+ permission java.util.PropertyPermission "*", "read";
+ permission java.security.SecurityPermission "putProviderProperty.SunMSCAPI";
+ permission java.security.SecurityPermission "clearProviderProperties.SunMSCAPI";
+ permission java.security.SecurityPermission "removeProviderProperty.SunMSCAPI";
};
grant codeBase "file:///export/repos/jdk8/build/linux-x86_64-normal-server-fastdebug/images/j2sdk-image/jre/lib/rt.jar" {
--- a/jdk/test/java/net/URLPermission/policy.3 Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/net/URLPermission/policy.3 Thu Jul 10 22:44:58 2014 +0000
@@ -37,9 +37,56 @@
};
// Normal permissions that aren't granted when run under jtreg
+grant codeBase "file:${java.home}/lib/ext/ucrypto.jar" {
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
+ permission java.lang.RuntimePermission "loadLibrary.j2ucrypto";
+ permission java.util.PropertyPermission "*", "read";
+ permission java.security.SecurityPermission "putProviderProperty.OracleUcrypto";
+ permission java.security.SecurityPermission "clearProviderProperties.OracleUcrypto";
+ permission java.security.SecurityPermission "removeProviderProperty.OracleUcrypto";
+ permission java.io.FilePermission "${java.home}/lib/security/ucrypto-solaris.cfg", "read";
+};
-grant codeBase "file:${{java.ext.dirs}}/*" {
- permission java.security.AllPermission;
+grant codeBase "file:${java.home}/lib/ext/sunec.jar" {
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
+ permission java.lang.RuntimePermission "loadLibrary.sunec";
+ permission java.util.PropertyPermission "*", "read";
+ permission java.security.SecurityPermission "putProviderProperty.SunEC";
+ permission java.security.SecurityPermission "clearProviderProperties.SunEC";
+ permission java.security.SecurityPermission "removeProviderProperty.SunEC";
+};
+
+grant codeBase "file:${java.home}/lib/ext/sunjce_provider.jar" {
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
+ permission java.util.PropertyPermission "*", "read";
+ permission java.security.SecurityPermission "putProviderProperty.SunJCE";
+ permission java.security.SecurityPermission "clearProviderProperties.SunJCE";
+ permission java.security.SecurityPermission "removeProviderProperty.SunJCE";
+};
+
+grant codeBase "file:${java.home}/lib/ext/sunpkcs11.jar" {
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
+ permission java.lang.RuntimePermission "loadLibrary.j2pkcs11";
+ permission java.util.PropertyPermission "*", "read";
+ permission java.security.SecurityPermission "putProviderProperty.*";
+ permission java.security.SecurityPermission "clearProviderProperties.*";
+ permission java.security.SecurityPermission "removeProviderProperty.*";
+ permission java.security.SecurityPermission "getProperty.auth.login.defaultCallbackHandler";
+ permission java.security.SecurityPermission "authProvider.*";
+ // Needed for reading PKCS11 config file and NSS library check
+ permission java.io.FilePermission "<<ALL FILES>>", "read";
+};
+
+grant codeBase "file:${java.home}/lib/ext/sunmscapi.jar" {
+ Permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
+ permission java.lang.RuntimePermission "loadLibrary.sunmscapi";
+ permission java.util.PropertyPermission "*", "read";
+ permission java.security.SecurityPermission "putProviderProperty.SunMSCAPI";
+ permission java.security.SecurityPermission "clearProviderProperties.SunMSCAPI";
+ permission java.security.SecurityPermission "removeProviderProperty.SunMSCAPI";
};
grant codeBase "file:${{java.home}}/jre/lib/rt.jar" {
--- a/jdk/test/java/nio/charset/spi/default-pol Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/nio/charset/spi/default-pol Thu Jul 10 22:44:58 2014 +0000
@@ -1,9 +1,3 @@
-
-// Standard extensions get all permissions by default
-
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
// default permissions granted to all domains
--- a/jdk/test/java/rmi/activation/Activatable/checkActivateRef/security.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/rmi/activation/Activatable/checkActivateRef/security.policy Thu Jul 10 22:44:58 2014 +0000
@@ -2,10 +2,6 @@
* security policy used by the test process
*/
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
grant {
// test explicitly acccesses sun.rmi.server.ActivatableRef
permission java.lang.RuntimePermission "accessClassInPackage.sun.rmi.server";
--- a/jdk/test/java/rmi/activation/Activatable/checkAnnotations/security.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/rmi/activation/Activatable/checkAnnotations/security.policy Thu Jul 10 22:44:58 2014 +0000
@@ -2,10 +2,6 @@
* security policy used by the test process
*/
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
grant {
// standard test activation permissions
permission java.io.FilePermission "..${/}..${/}test.props", "read";
--- a/jdk/test/java/rmi/activation/Activatable/checkImplClassLoader/security.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/rmi/activation/Activatable/checkImplClassLoader/security.policy Thu Jul 10 22:44:58 2014 +0000
@@ -2,10 +2,6 @@
* security policy used by the test process
*/
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
grant {
// need to move some classes out of the tests classpath; specific to this test
permission java.io.FilePermission "${test.classes}", "read,write,delete";
--- a/jdk/test/java/rmi/activation/Activatable/checkRegisterInLog/security.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/rmi/activation/Activatable/checkRegisterInLog/security.policy Thu Jul 10 22:44:58 2014 +0000
@@ -2,10 +2,6 @@
* security policy used by the test process
*/
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
grant {
// standard test activation permissions
permission java.io.FilePermission "..${/}..${/}test.props", "read";
--- a/jdk/test/java/rmi/activation/Activatable/createPrivateActivable/security.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/rmi/activation/Activatable/createPrivateActivable/security.policy Thu Jul 10 22:44:58 2014 +0000
@@ -2,10 +2,6 @@
* security policy used by the test process
*/
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
grant {
// standard test activation permissions
permission java.io.FilePermission "..${/}..${/}test.props", "read";
--- a/jdk/test/java/rmi/activation/Activatable/downloadParameterClass/security.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/rmi/activation/Activatable/downloadParameterClass/security.policy Thu Jul 10 22:44:58 2014 +0000
@@ -2,10 +2,6 @@
* security policy used by the test process
*/
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
grant {
// need to move some classes out of the tests classpath; specific to this test
permission java.io.FilePermission "${test.classes}", "read,write,delete";
--- a/jdk/test/java/rmi/activation/Activatable/elucidateNoSuchMethod/security.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/rmi/activation/Activatable/elucidateNoSuchMethod/security.policy Thu Jul 10 22:44:58 2014 +0000
@@ -2,10 +2,6 @@
* security policy used by the test process
*/
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
grant {
// Needed because of bug#: 4182104
permission java.lang.RuntimePermission "modifyThreadGroup";
--- a/jdk/test/java/rmi/activation/Activatable/extLoadedImpl/security.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/rmi/activation/Activatable/extLoadedImpl/security.policy Thu Jul 10 22:44:58 2014 +0000
@@ -1,6 +1,3 @@
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
grant {
// standard activation permissions
--- a/jdk/test/java/rmi/activation/Activatable/forceLogSnapshot/security.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/rmi/activation/Activatable/forceLogSnapshot/security.policy Thu Jul 10 22:44:58 2014 +0000
@@ -2,10 +2,6 @@
* security policy used by the test process
*/
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
grant {
// standard test activation permissions
permission java.io.FilePermission "..${/}..${/}test.props", "read";
--- a/jdk/test/java/rmi/activation/Activatable/inactiveGroup/security.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/rmi/activation/Activatable/inactiveGroup/security.policy Thu Jul 10 22:44:58 2014 +0000
@@ -2,10 +2,6 @@
* security policy used by the test process
*/
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
grant {
// standard test activation permissions
permission java.io.FilePermission "..${/}..${/}test.props", "read";
--- a/jdk/test/java/rmi/activation/Activatable/nestedActivate/security.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/rmi/activation/Activatable/nestedActivate/security.policy Thu Jul 10 22:44:58 2014 +0000
@@ -2,10 +2,6 @@
* security policy used by the test process
*/
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
grant {
// standard test activation permissions
permission java.io.FilePermission "..${/}..${/}test.props", "read";
--- a/jdk/test/java/rmi/activation/Activatable/nonExistentActivatable/security.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/rmi/activation/Activatable/nonExistentActivatable/security.policy Thu Jul 10 22:44:58 2014 +0000
@@ -2,10 +2,6 @@
* security policy used by the test process
*/
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
grant {
// standard test activation permissions
permission java.io.FilePermission "..${/}..${/}test.props", "read";
--- a/jdk/test/java/rmi/activation/Activatable/restartCrashedService/security.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/rmi/activation/Activatable/restartCrashedService/security.policy Thu Jul 10 22:44:58 2014 +0000
@@ -2,10 +2,6 @@
* security policy used by the test process
*/
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
grant {
// standard test activation permissions
permission java.io.FilePermission "..${/}..${/}test.props", "read";
--- a/jdk/test/java/rmi/activation/Activatable/restartLatecomer/security.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/rmi/activation/Activatable/restartLatecomer/security.policy Thu Jul 10 22:44:58 2014 +0000
@@ -2,10 +2,6 @@
* security policy used by the test process
*/
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
grant {
// standard test activation permissions
permission java.io.FilePermission "..${/}..${/}test.props", "read";
--- a/jdk/test/java/rmi/activation/Activatable/restartService/security.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/rmi/activation/Activatable/restartService/security.policy Thu Jul 10 22:44:58 2014 +0000
@@ -2,10 +2,6 @@
* security policy used by the test process
*/
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
grant {
// standard test activation permissions
permission java.io.FilePermission "..${/}..${/}test.props", "read";
--- a/jdk/test/java/rmi/activation/Activatable/shutdownGracefully/security.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/rmi/activation/Activatable/shutdownGracefully/security.policy Thu Jul 10 22:44:58 2014 +0000
@@ -2,10 +2,6 @@
* security policy used by the test process
*/
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
grant {
// standard activation permissions
permission java.io.FilePermission "..${/}..${/}test.props", "read";
--- a/jdk/test/java/rmi/activation/Activatable/unregisterInactive/security.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/rmi/activation/Activatable/unregisterInactive/security.policy Thu Jul 10 22:44:58 2014 +0000
@@ -2,10 +2,6 @@
* security policy used by the test process
*/
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
grant {
// standard test activation permissions
permission java.io.FilePermission "..${/}..${/}test.props", "read";
--- a/jdk/test/java/rmi/activation/ActivationSystem/activeGroup/security.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/rmi/activation/ActivationSystem/activeGroup/security.policy Thu Jul 10 22:44:58 2014 +0000
@@ -1,6 +1,3 @@
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
grant {
// standard test activation permissions
--- a/jdk/test/java/rmi/activation/ActivationSystem/modifyDescriptor/security.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/rmi/activation/ActivationSystem/modifyDescriptor/security.policy Thu Jul 10 22:44:58 2014 +0000
@@ -2,10 +2,6 @@
* security policy used by the test process
*/
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
grant {
// standard test activation permissions
permission java.io.FilePermission "..${/}..${/}test.props", "read";
--- a/jdk/test/java/rmi/activation/ActivationSystem/unregisterGroup/security.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/rmi/activation/ActivationSystem/unregisterGroup/security.policy Thu Jul 10 22:44:58 2014 +0000
@@ -2,10 +2,6 @@
* security policy used by the test process
*/
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
grant {
// standard test activation permissions
permission java.io.FilePermission "..${/}..${/}test.props", "read";
--- a/jdk/test/java/rmi/activation/CommandEnvironment/security.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/rmi/activation/CommandEnvironment/security.policy Thu Jul 10 22:44:58 2014 +0000
@@ -2,10 +2,6 @@
* security policy used by the test process
*/
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
grant {
// standard test activation permissions
permission java.io.FilePermission "..${/}..${/}test.props", "read";
--- a/jdk/test/java/rmi/dgc/VMID/security.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/rmi/dgc/VMID/security.policy Thu Jul 10 22:44:58 2014 +0000
@@ -1,11 +1,6 @@
/*
* security policy used by MarshalForeignStub test
*/
-
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
grant {
// used by TestLibrary to determine test environment
--- a/jdk/test/java/rmi/dgc/dgcImplInsulation/security.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/rmi/dgc/dgcImplInsulation/security.policy Thu Jul 10 22:44:58 2014 +0000
@@ -1,11 +1,6 @@
/*
* security policy used by the test process
*/
-
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
grant {
// so that synchronous DGC dirty call will succeed
permission java.net.SocketPermission "*:1024-", "accept,connect,listen";
--- a/jdk/test/java/rmi/registry/classPathCodebase/security.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/rmi/registry/classPathCodebase/security.policy Thu Jul 10 22:44:58 2014 +0000
@@ -2,10 +2,6 @@
* security policy used by the test process
*/
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
grant {
// need to move some classes out of the test's classpath; specific to this test
permission java.io.FilePermission "${test.classes}", "read,write,delete";
--- a/jdk/test/java/rmi/server/RMIClassLoader/delegateToContextLoader/security.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/rmi/server/RMIClassLoader/delegateToContextLoader/security.policy Thu Jul 10 22:44:58 2014 +0000
@@ -2,10 +2,6 @@
* security policy used by the test process
*/
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
grant {
// test must create a context loader for the current thread.
permission java.lang.RuntimePermission "createClassLoader";
--- a/jdk/test/java/rmi/server/RMIClassLoader/downloadArrayClass/security.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/rmi/server/RMIClassLoader/downloadArrayClass/security.policy Thu Jul 10 22:44:58 2014 +0000
@@ -2,10 +2,6 @@
* security policy used by the test process
*/
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
grant {
permission java.util.PropertyPermission
"java.rmi.server.codebase", "read,write";
--- a/jdk/test/java/rmi/server/RMIClassLoader/getClassLoader/security.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/rmi/server/RMIClassLoader/getClassLoader/security.policy Thu Jul 10 22:44:58 2014 +0000
@@ -2,10 +2,6 @@
* security policy used by the test process
*/
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
grant {
// permissions needed to move classes into separate codebase directories
permission java.io.FilePermission
--- a/jdk/test/java/rmi/server/RMIClassLoader/loadProxyClasses/security.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/rmi/server/RMIClassLoader/loadProxyClasses/security.policy Thu Jul 10 22:44:58 2014 +0000
@@ -2,10 +2,6 @@
* security policy used by the test process
*/
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
grant {
// permissions needed to move classes into separate codebase directories
--- a/jdk/test/java/rmi/server/RMIClassLoader/spi/security.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/rmi/server/RMIClassLoader/spi/security.policy Thu Jul 10 22:44:58 2014 +0000
@@ -2,10 +2,6 @@
* security policy used by the test process
*/
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
grant {
// permissions needed to move classes into separate codebase directories
--- a/jdk/test/java/rmi/server/RMIClassLoader/useCodebaseOnly/security.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/rmi/server/RMIClassLoader/useCodebaseOnly/security.policy Thu Jul 10 22:44:58 2014 +0000
@@ -2,10 +2,6 @@
* security policy used by the test process
*/
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
grant {
// specific property access needed by this test
--- a/jdk/test/java/rmi/server/RMIClassLoader/useGetURLs/security.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/rmi/server/RMIClassLoader/useGetURLs/security.policy Thu Jul 10 22:44:58 2014 +0000
@@ -2,10 +2,6 @@
* security policy used by the test process
*/
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
grant {
// the test needs to move classfiles out of its classpath
permission java.io.FilePermission "${test.classes}", "read,write,delete";
--- a/jdk/test/java/rmi/server/RMISocketFactory/useSocketFactory/activatable/security.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/rmi/server/RMISocketFactory/useSocketFactory/activatable/security.policy Thu Jul 10 22:44:58 2014 +0000
@@ -2,10 +2,6 @@
* security policy used by the test process
*/
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
grant {
// property specifically accessed by this test
permission java.util.PropertyPermission "user.name", "read";
--- a/jdk/test/java/rmi/server/RMISocketFactory/useSocketFactory/registry/security.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/rmi/server/RMISocketFactory/useSocketFactory/registry/security.policy Thu Jul 10 22:44:58 2014 +0000
@@ -2,10 +2,6 @@
* security policy used by the test process
*/
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
grant {
// used by TestLibrary to determine extra commandline properties
permission java.io.FilePermission "..${/}..${/}test.props", "read";
--- a/jdk/test/java/rmi/server/RMISocketFactory/useSocketFactory/unicast/security.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/rmi/server/RMISocketFactory/useSocketFactory/unicast/security.policy Thu Jul 10 22:44:58 2014 +0000
@@ -2,10 +2,6 @@
* security policy used by the test process
*/
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
grant {
// used by TestLibrary to determine extra commandline properties
permission java.io.FilePermission "..${/}..${/}test.props", "read";
--- a/jdk/test/java/rmi/server/RemoteServer/setLogPermission/java.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/rmi/server/RemoteServer/setLogPermission/java.policy Thu Jul 10 22:44:58 2014 +0000
@@ -1,7 +1,3 @@
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
grant {
permission java.util.logging.LoggingPermission "control";
};
--- a/jdk/test/java/rmi/server/clientStackTrace/security.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/rmi/server/clientStackTrace/security.policy Thu Jul 10 22:44:58 2014 +0000
@@ -2,10 +2,6 @@
* security policy used by the test process
*/
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
grant {
// test needs to export rmid and communicate with objects on arbitrary ports
permission java.net.SocketPermission "*:1024-", "connect,accept,listen";
--- a/jdk/test/java/rmi/server/useCustomRef/security.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/rmi/server/useCustomRef/security.policy Thu Jul 10 22:44:58 2014 +0000
@@ -2,10 +2,6 @@
* security policy used by the test process
*/
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
grant {
// the test uses a class in the package sun.rmi.server
permission java.lang.RuntimePermission "accessClassInPackage.sun.rmi.registry";
--- a/jdk/test/java/rmi/transport/checkLeaseInfoLeak/security.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/rmi/transport/checkLeaseInfoLeak/security.policy Thu Jul 10 22:44:58 2014 +0000
@@ -2,10 +2,6 @@
* security policy used by the test process
*/
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
grant {
// used by TestLibrary to determine extra commandline properties
permission java.io.FilePermission "..${/}..${/}test.props", "read";
--- a/jdk/test/java/rmi/transport/dgcDeadLock/security.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/rmi/transport/dgcDeadLock/security.policy Thu Jul 10 22:44:58 2014 +0000
@@ -2,10 +2,6 @@
* security policy used by the test process
*/
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
grant {
// used by TestLibrary to determine extra commandline properties
permission java.io.FilePermission "..${/}..${/}test.props", "read";
--- a/jdk/test/java/rmi/transport/httpSocket/security.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/rmi/transport/httpSocket/security.policy Thu Jul 10 22:44:58 2014 +0000
@@ -1,6 +1,3 @@
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
grant {
permission java.net.SocketPermission "*:1024-", "accept,connect,listen";
--- a/jdk/test/java/security/KeyRep/Serial.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/security/KeyRep/Serial.policy Thu Jul 10 22:44:58 2014 +0000
@@ -1,5 +1,10 @@
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
+grant codeBase "file:${java.home}/lib/ext/sunjce_provider.jar" {
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
+ permission java.util.PropertyPermission "*", "read";
+ permission java.security.SecurityPermission "putProviderProperty.SunJCE";
+ permission java.security.SecurityPermission "clearProviderProperties.SunJCE";
+ permission java.security.SecurityPermission "removeProviderProperty.SunJCE";
};
grant {
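Review bot: The SunJCE grant added at the top of this policy has no comment saying it is a copy of the `sunjce_provider.jar` grant in `jdk/src/share/lib/security/java.policy`, so a later tightening of the default policy can leave this test running with the older, wider set. I would put `// copy of the sunjce_provider.jar grant in lib/security/java.policy; keep in sync` above the `grant codeBase` line. The same six lines are repeated in SerialOld.policy and RemoveStaticProvider.policy and would want the same comment. `PropertyPermission "*", "read"` is the widest entry in the block; whether the provider needs every property or only a few cannot be judged from this hunk, but it is the line to revisit if the grant is narrowed further.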
--- a/jdk/test/java/security/KeyRep/SerialOld.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/security/KeyRep/SerialOld.policy Thu Jul 10 22:44:58 2014 +0000
@@ -1,5 +1,53 @@
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
+grant codeBase "file:${java.home}/lib/ext/ucrypto.jar" {
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
+ permission java.lang.RuntimePermission "loadLibrary.j2ucrypto";
+ permission java.util.PropertyPermission "*", "read";
+ permission java.security.SecurityPermission "putProviderProperty.OracleUcrypto";
+ permission java.security.SecurityPermission "clearProviderProperties.OracleUcrypto";
+ permission java.security.SecurityPermission "removeProviderProperty.OracleUcrypto";
+ permission java.io.FilePermission "${java.home}/lib/security/ucrypto-solaris.cfg", "read";
+};
+
+grant codeBase "file:${java.home}/lib/ext/sunec.jar" {
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
+ permission java.lang.RuntimePermission "loadLibrary.sunec";
+ permission java.util.PropertyPermission "*", "read";
+ permission java.security.SecurityPermission "putProviderProperty.SunEC";
+ permission java.security.SecurityPermission "clearProviderProperties.SunEC";
+ permission java.security.SecurityPermission "removeProviderProperty.SunEC";
+};
+
+grant codeBase "file:${java.home}/lib/ext/sunjce_provider.jar" {
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
+ permission java.util.PropertyPermission "*", "read";
+ permission java.security.SecurityPermission "putProviderProperty.SunJCE";
+ permission java.security.SecurityPermission "clearProviderProperties.SunJCE";
+ permission java.security.SecurityPermission "removeProviderProperty.SunJCE";
+};
+
+grant codeBase "file:${java.home}/lib/ext/sunpkcs11.jar" {
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
+ permission java.lang.RuntimePermission "loadLibrary.j2pkcs11";
+ permission java.util.PropertyPermission "*", "read";
+ permission java.security.SecurityPermission "putProviderProperty.*";
+ permission java.security.SecurityPermission "clearProviderProperties.*";
+ permission java.security.SecurityPermission "removeProviderProperty.*";
+ permission java.security.SecurityPermission "getProperty.auth.login.defaultCallbackHandler";
+ permission java.security.SecurityPermission "authProvider.*";
+ // Needed for reading PKCS11 config file and NSS library check
+ permission java.io.FilePermission "<<ALL FILES>>", "read";
+};
+
+grant codeBase "file:${java.home}/lib/ext/sunmscapi.jar" {
+ Permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
+ permission java.lang.RuntimePermission "loadLibrary.sunmscapi";
+ permission java.util.PropertyPermission "*", "read";
+ permission java.security.SecurityPermission "putProviderProperty.SunMSCAPI";
+ permission java.security.SecurityPermission "clearProviderProperties.SunMSCAPI";
+ permission java.security.SecurityPermission "removeProviderProperty.SunMSCAPI";
};
grant {
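Review bot: The sunmscapi.jar grant opens with `Permission java.lang.RuntimePermission ...` with a capital P, unlike every other entry in the file. The policy parser appears to match keywords without regard to case (Basic.policy in this commit has `grant codebase`), so this probably still parses, but it should read `permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";` so that a case-sensitive search for granted permissions does not miss it. Separately, this policy now grants five providers, including `FilePermission "<<ALL FILES>>", "read"` for sunpkcs11.jar, while the sibling Serial.policy grants only sunjce_provider.jar. If the SerialOld test does not exercise ucrypto, PKCS11 or MSCAPI, dropping those blocks would keep the test policy closer to least privilege; that cannot be confirmed from the hunk.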
@@ -8,11 +56,11 @@
permission java.util.PropertyPermission "test.src", "read";
permission java.lang.RuntimePermission
- "accessClassInPackage.sun.security.provider";
+ "accessClassInPackage.sun.security.provider";
permission java.lang.RuntimePermission
- "accessClassInPackage.sun.security.pkcs";
+ "accessClassInPackage.sun.security.pkcs";
permission java.lang.RuntimePermission
- "accessClassInPackage.sun.security.x509";
+ "accessClassInPackage.sun.security.x509";
permission java.lang.RuntimePermission
- "accessClassInPackage.sun.security.rsa";
+ "accessClassInPackage.sun.security.rsa";
};
--- a/jdk/test/java/security/Policy/GetInstance/GetInstance.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/security/Policy/GetInstance/GetInstance.policy Thu Jul 10 22:44:58 2014 +0000
@@ -1,6 +1,3 @@
-grant codeBase "file:${{java.ext.dirs}}/*" {
- permission java.security.AllPermission;
-};
grant {
permission java.security.SecurityPermission
--- a/jdk/test/java/security/Policy/GetInstance/GetInstance.policyURL Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/security/Policy/GetInstance/GetInstance.policyURL Thu Jul 10 22:44:58 2014 +0000
@@ -1,7 +1,3 @@
-grant codeBase "file:${{java.ext.dirs}}/*" {
- permission java.security.AllPermission;
-};
-
grant {
permission java.security.SecurityPermission "GetInstanceTest";
};
--- a/jdk/test/java/security/Policy/GetInstance/GetInstanceSecurity.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/security/Policy/GetInstance/GetInstanceSecurity.policy Thu Jul 10 22:44:58 2014 +0000
@@ -1,7 +1,3 @@
-grant codeBase "file:${{java.ext.dirs}}/*" {
- permission java.security.AllPermission;
-};
-
grant {
// do not grant this:
//
--- a/jdk/test/java/security/Security/AddProvider.policy.1 Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/security/Security/AddProvider.policy.1 Thu Jul 10 22:44:58 2014 +0000
@@ -1,7 +1,3 @@
-grant codeBase "file:${{java.ext.dirs}}/*" {
- permission java.security.AllPermission;
-};
-
grant {
permission java.security.SecurityPermission "insertProvider";
};
--- a/jdk/test/java/security/Security/AddProvider.policy.2 Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/security/Security/AddProvider.policy.2 Thu Jul 10 22:44:58 2014 +0000
@@ -1,6 +1,3 @@
-grant codeBase "file:${{java.ext.dirs}}/*" {
- permission java.security.AllPermission;
-};
grant {
permission java.security.SecurityPermission "insertProvider.Test1";
--- a/jdk/test/java/security/Security/AddProvider.policy.3 Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/security/Security/AddProvider.policy.3 Thu Jul 10 22:44:58 2014 +0000
@@ -1,6 +1,3 @@
-grant codeBase "file:${{java.ext.dirs}}/*" {
- permission java.security.AllPermission;
-};
grant {
permission java.security.SecurityPermission "insertProvider.*";
--- a/jdk/test/java/security/Security/removing/RemoveStaticProvider.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/java/security/Security/removing/RemoveStaticProvider.policy Thu Jul 10 22:44:58 2014 +0000
@@ -1,10 +1,15 @@
+
+grant codeBase "file:${java.home}/lib/ext/sunjce_provider.jar" {
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
+ permission java.util.PropertyPermission "*", "read";
+ permission java.security.SecurityPermission "putProviderProperty.SunJCE";
+ permission java.security.SecurityPermission "clearProviderProperties.SunJCE";
+ permission java.security.SecurityPermission "removeProviderProperty.SunJCE";
+};
+
grant {
permission java.security.SecurityPermission "removeProvider.SunJCE";
permission java.security.SecurityPermission "insertProvider.SunJCE";
};
-// Standard extensions get all permissions
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
--- a/jdk/test/javax/security/auth/login/Configuration/GetInstanceSecurity.grantedPolicy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/javax/security/auth/login/Configuration/GetInstanceSecurity.grantedPolicy Thu Jul 10 22:44:58 2014 +0000
@@ -1,7 +1,3 @@
-grant codeBase "file:${{java.ext.dirs}}/*" {
- permission java.security.AllPermission;
-};
-
grant {
permission java.util.PropertyPermission "test.src", "read";
permission java.io.FilePermission "${test.src}${/}*", "read";
--- a/jdk/test/javax/security/auth/login/Configuration/GetInstanceSecurity.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/javax/security/auth/login/Configuration/GetInstanceSecurity.policy Thu Jul 10 22:44:58 2014 +0000
@@ -1,6 +1,3 @@
-grant codeBase "file:${{java.ext.dirs}}/*" {
- permission java.security.AllPermission;
-};
grant {
--- a/jdk/test/jdk/nio/zipfs/test.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/jdk/nio/zipfs/test.policy Thu Jul 10 22:44:58 2014 +0000
@@ -4,10 +4,6 @@
permission java.util.PropertyPermission "*", "read";
};
-grant codeBase "file:${java.home}/lib/ext/sunpkcs11.jar" {
- permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
-};
-
grant {
permission java.io.FilePermission "<<ALL FILES>>","read,write,delete";
permission java.util.PropertyPermission "test.jdk","read";
--- a/jdk/test/sun/net/www/http/HttpClient/IsKeepingAlive.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/sun/net/www/http/HttpClient/IsKeepingAlive.policy Thu Jul 10 22:44:58 2014 +0000
@@ -5,13 +5,6 @@
permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www.http";
};
-// From system java.policy
-// Standard extensions get all permissions by default
-
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
// default permissions granted to all domains
grant {
--- a/jdk/test/sun/net/www/http/HttpClient/OpenServer.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/sun/net/www/http/HttpClient/OpenServer.policy Thu Jul 10 22:44:58 2014 +0000
@@ -5,13 +5,6 @@
permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www.http";
};
-// From system java.policy
-// Standard extensions get all permissions by default
-
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
// default permissions granted to all domains
grant {
--- a/jdk/test/sun/rmi/server/MarshalOutputStream/marshalForeignStub/security.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/sun/rmi/server/MarshalOutputStream/marshalForeignStub/security.policy Thu Jul 10 22:44:58 2014 +0000
@@ -2,10 +2,6 @@
* security policy used by MarshalForeignStub test
*/
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
grant {
// used by TestLibrary to determine test environment
--- a/jdk/test/sun/security/pkcs11/KeyStore/Basic.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/sun/security/pkcs11/KeyStore/Basic.policy Thu Jul 10 22:44:58 2014 +0000
@@ -1,5 +1,15 @@
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
+grant codeBase "file:${java.home}/lib/ext/sunpkcs11.jar" {
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
+ permission java.lang.RuntimePermission "loadLibrary.j2pkcs11";
+ permission java.util.PropertyPermission "*", "read";
+ permission java.security.SecurityPermission "putProviderProperty.*";
+ permission java.security.SecurityPermission "clearProviderProperties.*";
+ permission java.security.SecurityPermission "removeProviderProperty.*";
+ permission java.security.SecurityPermission "getProperty.auth.login.defaultCallbackHandler";
+ permission java.security.SecurityPermission "authProvider.*";
+ // Needed for reading PKCS11 config file and NSS library check
+ permission java.io.FilePermission "<<ALL FILES>>", "read";
};
grant codebase "file:${user.dir}${/}loader.jar" {
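Review bot: `putProviderProperty.*`, `clearProviderProperties.*` and `removeProviderProperty.*` in the sunpkcs11.jar grant cover the properties of every installed provider, not only the PKCS11 ones, and nothing in the block says why the provider name is not spelled out as it is for SunJCE and SunEC elsewhere in this commit. Presumably the reason is that PKCS11 provider names depend on the configuration; if so, a comment such as `// provider name depends on the PKCS11 config, so the target cannot be named exactly` above these three lines would record it. The same three lines appear in Login.policy and SerialOld.policy. The `grant codebase` entry that follows continues outside the hunk.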
--- a/jdk/test/sun/security/pkcs11/Provider/Login.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/sun/security/pkcs11/Provider/Login.policy Thu Jul 10 22:44:58 2014 +0000
@@ -1,5 +1,16 @@
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
+grant codeBase "file:${java.home}/lib/ext/sunpkcs11.jar" {
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
+ permission java.lang.RuntimePermission "loadLibrary.j2pkcs11";
+ permission java.util.PropertyPermission "*", "read";
+ permission java.security.SecurityPermission "putProviderProperty.*";
+ permission java.security.SecurityPermission "clearProviderProperties.*";
+ permission java.security.SecurityPermission "removeProviderProperty.*";
+ permission java.security.SecurityPermission "getProperty.auth.login.defaultCallbackHandler";
+
+ permission java.security.SecurityPermission "authProvider.*";
+ // Needed for reading PKCS11 config file and NSS library check
+ permission java.io.FilePermission "<<ALL FILES>>", "read";
};
grant {
--- a/jdk/test/sun/security/provider/PolicyFile/Alias.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/sun/security/provider/PolicyFile/Alias.policy Thu Jul 10 22:44:58 2014 +0000
@@ -10,9 +10,3 @@
principal com.sun.security.auth.UnixPrincipal "unix" {
permission java.security.SecurityPermission "ALIAS";
};
-
-// Standard extensions get all permissions
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
--- a/jdk/test/sun/security/provider/PolicyFile/AliasExpansion.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/sun/security/provider/PolicyFile/AliasExpansion.policy Thu Jul 10 22:44:58 2014 +0000
@@ -20,9 +20,3 @@
permission java.security.SecurityPermission
"${{alias}}";
};
-
-// Standard extensions get all permissions
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-
--- a/jdk/test/sun/security/provider/PolicyFile/TrustedCert.policy Thu Jul 10 12:40:48 2014 -0700
+++ b/jdk/test/sun/security/provider/PolicyFile/TrustedCert.policy Thu Jul 10 22:44:58 2014 +0000
@@ -9,8 +9,3 @@
permission java.util.PropertyPermission "foo", "read";
};
-// Standard extensions get all permissions
-grant codeBase "file:${java.home}/lib/ext/*" {
- permission java.security.AllPermission;
-};
-