Mercurial Mercurial > jdk-sandbox / changeset
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | raw | help
Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
8057645: Deprivilege JAX-WS, JAXB, JAF to extension class loader
authormchung
Fri, 06 Feb 2015 15:42:07 -0800
changeset 28849 ccf9d86e52ec
parent 28848 824124d1cba5
child 28850 4996a75e8bfb
child 29013 6b20c10ac851
8057645: Deprivilege JAX-WS, JAXB, JAF to extension class loader Reviewed-by: alanb, dfuchs, lancea, mkos
jdk/make/src/classes/build/tools/module/boot.modules file | annotate | diff | comparison | revisions
jdk/make/src/classes/build/tools/module/ext.modules file | annotate | diff | comparison | revisions
jdk/src/java.base/share/conf/security/java.policy file | annotate | diff | comparison | revisions 
--- a/jdk/make/src/classes/build/tools/module/boot.modules	Fri Feb 06 17:29:11 2015 -0500
+++ b/jdk/make/src/classes/build/tools/module/boot.modules	Fri Feb 06 15:42:07 2015 -0800
@@ -1,7 +1,5 @@
 java.base
 java.desktop
-java.activation
-java.annotations.common
 java.compiler
 java.corba
 java.instrument
@@ -18,9 +16,7 @@
 java.sql.rowset
 java.transaction
 java.xml
-java.xml.bind
 java.xml.crypto
-java.xml.ws
 jdk.charsets
 jdk.deploy
 jdk.deploy.osx
--- a/jdk/make/src/classes/build/tools/module/ext.modules	Fri Feb 06 17:29:11 2015 -0500
+++ b/jdk/make/src/classes/build/tools/module/ext.modules	Fri Feb 06 15:42:07 2015 -0800
@@ -1,3 +1,7 @@
+java.activation
+java.annotations.common
+java.xml.bind
+java.xml.ws
 jdk.crypto.ec
 jdk.crypto.mscapi
 jdk.crypto.pkcs11
--- a/jdk/src/java.base/share/conf/security/java.policy	Fri Feb 06 17:29:11 2015 -0500
+++ b/jdk/src/java.base/share/conf/security/java.policy	Fri Feb 06 15:42:07 2015 -0800
@@ -55,6 +55,29 @@
         permission java.io.FilePermission "<<ALL FILES>>", "read";
 };
 
+grant codeBase "jrt:/java.xml.ws" {
+        permission java.lang.RuntimePermission "accessClassInPackage.com.sun.xml.internal.*";
+        permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal";
+        permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal.*";
+        permission java.lang.RuntimePermission "accessClassInPackage.com.sun.org.apache.xerces.internal.*";
+        permission java.lang.RuntimePermission "accessDeclaredMembers";
+        permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
+        permission java.util.PropertyPermission "*", "read";
+};
+
+grant codeBase "jrt:/java.xml.bind" {
+        permission java.lang.RuntimePermission "accessClassInPackage.com.sun.xml.internal.*";
+        permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal";
+        permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal.*";
+        permission java.lang.RuntimePermission "accessDeclaredMembers";
+        permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
+        permission java.util.PropertyPermission "*", "read";
+};
+
+grant codeBase "jrt:/java.activation" {
+        permission java.security.AllPermission;
+};
+
 // default permissions granted to all domains
 
 grant {
jdk-sandbox