8154191: Deprivilege java.smartcardio module
Summary: Updated java.policy with the entry for java.smartcardio module
Reviewed-by: mullan, mchung
--- a/jdk/src/java.base/share/conf/security/java.policy Wed Jun 15 13:44:16 2016 -0700
+++ b/jdk/src/java.base/share/conf/security/java.policy Wed Jun 15 23:24:08 2016 +0000
@@ -100,6 +100,18 @@
permission java.security.AllPermission;
};
+grant codeBase "jrt:/java.smartcardio" {
+ permission javax.smartcardio.CardPermission "*", "*";
+ permission java.lang.RuntimePermission "loadLibrary.j2pcsc";
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
+ permission java.util.PropertyPermission "*", "read";
+ // needed for looking up native PC/SC library
+ permission java.io.FilePermission "<<ALL FILES>>","read";
+ permission java.security.SecurityPermission "putProviderProperty.SunPCSC";
+ permission java.security.SecurityPermission "clearProviderProperties.SunPCSC";
+ permission java.security.SecurityPermission "removeProviderProperty.SunPCSC";
+};
+
grant codeBase "jrt:/java.xml.bind" {
permission java.lang.RuntimePermission "accessClassInPackage.com.sun.xml.internal.*";
permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal";
--- a/jdk/test/javax/smartcardio/TerminalFactorySpiTest.java Wed Jun 15 13:44:16 2016 -0700
+++ b/jdk/test/javax/smartcardio/TerminalFactorySpiTest.java Wed Jun 15 23:24:08 2016 +0000
@@ -26,7 +26,7 @@
* @bug 8049021
* @summary Test if we can write new provider for smart card
* @compile -addmods java.smartcardio TerminalFactorySpiTest.java
- * @run main/othervm/policy=policy -addmods java.smartcardio TerminalFactorySpiTest
+ * @run main/othervm/java.security.policy=policy -addmods java.smartcardio TerminalFactorySpiTest
*/
import java.security.Provider;
import java.security.Security;