8159528: Deprivilege java.security.jgss, jdk.security.jgss and jdk.security.auth
Reviewed-by: mchung, mullan
--- a/jdk/src/java.base/share/lib/security/default.policy Fri Jul 29 19:00:54 2016 -0400
+++ b/jdk/src/java.base/share/lib/security/default.policy Sun Jul 31 09:37:02 2016 +0800
@@ -24,6 +24,10 @@
permission java.security.AllPermission;
};
+grant codeBase "jrt:/java.security.jgss" {
+ permission java.security.AllPermission;
+};
+
grant codeBase "jrt:/java.smartcardio" {
permission javax.smartcardio.CardPermission "*", "*";
permission java.lang.RuntimePermission "loadLibrary.j2pcsc";
@@ -152,6 +156,14 @@
permission java.security.AllPermission;
};
+grant codeBase "jrt:/jdk.security.auth" {
+ permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/jdk.security.jgss" {
+ permission java.security.AllPermission;
+};
+
grant codeBase "jrt:/jdk.zipfs" {
permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
permission java.lang.RuntimePermission "fileSystemProvider";
--- a/jdk/test/sun/security/krb5/auto/SSL.java Fri Jul 29 19:00:54 2016 -0400
+++ b/jdk/test/sun/security/krb5/auto/SSL.java Sun Jul 31 09:37:02 2016 +0800
@@ -92,6 +92,10 @@
boolean unbound = args.length > 1;
+ // Workaround for JDK-8161101, reference the class before
+ // SecurityManager is set.
+ System.out.println("Touching " + ServicePermission.class);
+
System.setSecurityManager(new SSL());
KDC kdc = KDC.create(OneKDC.REALM);