8182137: Missing permissions in deprivileged java.xml.bind and java.xml.ws modules
Reviewed-by: alanb, mullan
--- a/jdk/src/java.base/share/lib/security/default.policy Tue Jun 13 13:43:37 2017 -0700
+++ b/jdk/src/java.base/share/lib/security/default.policy Wed Jun 14 09:21:28 2017 -0700
@@ -20,9 +20,6 @@
permission java.security.AllPermission;
};
-grant codeBase "jrt:/jdk.incubator.httpclient" {
-};
-
grant codeBase "jrt:/java.scripting" {
permission java.security.AllPermission;
};
@@ -69,17 +66,7 @@
};
grant codeBase "jrt:/java.xml.bind" {
- permission java.lang.RuntimePermission
- "accessClassInPackage.sun.misc";
- permission java.lang.RuntimePermission
- "accessClassInPackage.com.sun.xml.internal.*";
- permission java.lang.RuntimePermission
- "accessClassInPackage.com.sun.istack.internal";
- permission java.lang.RuntimePermission
- "accessClassInPackage.com.sun.istack.internal.*";
- permission java.lang.RuntimePermission "accessDeclaredMembers";
- permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
- permission java.util.PropertyPermission "*", "read";
+ permission java.security.AllPermission;
};
grant codeBase "jrt:/java.xml.crypto" {
@@ -104,19 +91,11 @@
};
grant codeBase "jrt:/java.xml.ws" {
- permission java.net.NetPermission
- "getProxySelector";
- permission java.lang.RuntimePermission
- "accessClassInPackage.sun.misc";
- permission java.lang.RuntimePermission
- "accessClassInPackage.com.sun.xml.internal.*";
- permission java.lang.RuntimePermission
- "accessClassInPackage.com.sun.istack.internal";
- permission java.lang.RuntimePermission
- "accessClassInPackage.com.sun.istack.internal.*";
- permission java.lang.RuntimePermission "accessDeclaredMembers";
- permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
- permission java.util.PropertyPermission "*", "read";
+ permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/jdk.accessibility" {
+ permission java.lang.RuntimePermission "accessClassInPackage.sun.awt";
};
grant codeBase "jrt:/jdk.charsets" {
@@ -155,6 +134,10 @@
permission java.io.FilePermission "<<ALL FILES>>", "read";
};
+grant codeBase "jrt:/jdk.desktop" {
+ permission java.lang.RuntimePermission "accessClassInPackage.com.sun.awt";
+};
+
grant codeBase "jrt:/jdk.dynalink" {
permission java.security.AllPermission;
};
@@ -163,6 +146,10 @@
permission java.security.AllPermission;
};
+grant codeBase "jrt:/jdk.internal.vm.compiler" {
+ permission java.security.AllPermission;
+};
+
grant codeBase "jrt:/jdk.jsobject" {
permission java.security.AllPermission;
};
@@ -198,14 +185,6 @@
permission java.util.PropertyPermission "os.name", "read";
};
-grant codeBase "jrt:/jdk.accessibility" {
- permission java.lang.RuntimePermission "accessClassInPackage.sun.awt";
-};
-
-grant codeBase "jrt:/jdk.desktop" {
- permission java.lang.RuntimePermission "accessClassInPackage.com.sun.awt";
-};
-
// permissions needed by applications using java.desktop module
grant {
permission java.lang.RuntimePermission "accessClassInPackage.com.sun.beans";
@@ -213,7 +192,3 @@
permission java.lang.RuntimePermission "accessClassInPackage.com.sun.java.swing.plaf.*";
permission java.lang.RuntimePermission "accessClassInPackage.com.apple.*";
};
-
-grant codeBase "jrt:/jdk.internal.vm.compiler" {
- permission java.security.AllPermission;
-};