OpenJDK / bsd-port / jdk9 / jdk
changeset 10276:7f8294841146
8043406: Change default policy for JCE providers to run with as few privileges as possible
Summary: Provide default permissions for crypto providers
Reviewed-by: mullan, vinnie
line wrap: on
line diff
--- a/src/share/classes/sun/security/jca/ProviderConfig.java Thu Jul 10 12:40:48 2014 -0700 +++ b/src/share/classes/sun/security/jca/ProviderConfig.java Thu Jul 10 22:44:58 2014 +0000 @@ -255,6 +255,14 @@ disableLoad(); } return null; + } catch (ExceptionInInitializerError err) { + // no sufficient permission to initialize provider class + if (debug != null) { + debug.println("Error loading provider " + ProviderConfig.this); + err.printStackTrace(); + } + disableLoad(); + return null; } } });
--- a/src/share/lib/security/java.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/src/share/lib/security/java.policy Thu Jul 10 22:44:58 2014 +0000 @@ -26,15 +26,36 @@ }; grant codeBase "file:${java.home}/lib/ext/sunec.jar" { - permission java.security.AllPermission; + permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; + permission java.lang.RuntimePermission "loadLibrary.sunec"; + permission java.util.PropertyPermission "*", "read"; + permission java.security.SecurityPermission "putProviderProperty.SunEC"; + permission java.security.SecurityPermission "clearProviderProperties.SunEC"; + permission java.security.SecurityPermission "removeProviderProperty.SunEC"; }; grant codeBase "file:${java.home}/lib/ext/sunjce_provider.jar" { - permission java.security.AllPermission; + permission java.lang.RuntimePermission "accessClassInPackage.sun.misc"; + permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; + permission java.util.PropertyPermission "*", "read"; + permission java.security.SecurityPermission "putProviderProperty.SunJCE"; + permission java.security.SecurityPermission "clearProviderProperties.SunJCE"; + permission java.security.SecurityPermission "removeProviderProperty.SunJCE"; }; grant codeBase "file:${java.home}/lib/ext/sunpkcs11.jar" { - permission java.security.AllPermission; + permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; + permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; + permission java.lang.RuntimePermission "loadLibrary.j2pkcs11"; + // needs "security.pkcs11.allowSingleThreadedModules" + permission java.util.PropertyPermission "*", "read"; + permission java.security.SecurityPermission "putProviderProperty.*"; + permission java.security.SecurityPermission "clearProviderProperties.*"; + permission java.security.SecurityPermission "removeProviderProperty.*"; + permission java.security.SecurityPermission "getProperty.auth.login.defaultCallbackHandler"; + permission java.security.SecurityPermission "authProvider.*"; + // Needed for reading PKCS11 config file and NSS library check + permission java.io.FilePermission "<<ALL FILES>>", "read"; }; // default permissions granted to all domains
--- a/src/windows/lib/security/java.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/src/windows/lib/security/java.policy Thu Jul 10 22:44:58 2014 +0000 @@ -1,3 +1,8 @@ grant codeBase "file:${java.home}/lib/ext/sunmscapi.jar" { - permission java.security.AllPermission; -}; + Permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; + permission java.lang.RuntimePermission "loadLibrary.sunmscapi"; + permission java.util.PropertyPermission "*", "read"; + permission java.security.SecurityPermission "putProviderProperty.SunMSCAPI"; + permission java.security.SecurityPermission "clearProviderProperties.SunMSCAPI"; + permission java.security.SecurityPermission "removeProviderProperty.SunMSCAPI"; +}
--- a/test/java/io/Serializable/subclassGC/security.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/io/Serializable/subclassGC/security.policy Thu Jul 10 22:44:58 2014 +0000 @@ -1,6 +1,3 @@ -grant codeBase "file:${{java.ext.dirs}}/*" { - permission java.security.AllPermission; -}; grant { permission java.lang.RuntimePermission "createClassLoader";
--- a/test/java/lang/System/System.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/lang/System/System.policy Thu Jul 10 22:44:58 2014 +0000 @@ -1,10 +1,5 @@ // // Used by SecurityRace.java -// Standard extensions get all permissions by default - -grant codeBase "file:${{java.ext.dirs}}/*" { - permission java.security.AllPermission; -}; // default permissions granted to all domains
--- a/test/java/net/URLPermission/policy.1 Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/net/URLPermission/policy.1 Thu Jul 10 22:44:58 2014 +0000 @@ -37,9 +37,56 @@ }; // Normal permissions that aren't granted when run under jtreg +grant codeBase "file:${java.home}/lib/ext/ucrypto.jar" { + permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; + permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; + permission java.lang.RuntimePermission "loadLibrary.j2ucrypto"; + permission java.util.PropertyPermission "*", "read"; + permission java.security.SecurityPermission "putProviderProperty.OracleUcrypto"; + permission java.security.SecurityPermission "clearProviderProperties.OracleUcrypto"; + permission java.security.SecurityPermission "removeProviderProperty.OracleUcrypto"; + permission java.io.FilePermission "${java.home}/lib/security/ucrypto-solaris.cfg", "read"; +}; -grant codeBase "file:${{java.ext.dirs}}/*" { - permission java.security.AllPermission; +grant codeBase "file:${java.home}/lib/ext/sunec.jar" { + permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; + permission java.lang.RuntimePermission "loadLibrary.sunec"; + permission java.util.PropertyPermission "*", "read"; + permission java.security.SecurityPermission "putProviderProperty.SunEC"; + permission java.security.SecurityPermission "clearProviderProperties.SunEC"; + permission java.security.SecurityPermission "removeProviderProperty.SunEC"; +}; + +grant codeBase "file:${java.home}/lib/ext/sunjce_provider.jar" { + permission java.lang.RuntimePermission "accessClassInPackage.sun.misc"; + permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; + permission java.util.PropertyPermission "*", "read"; + permission java.security.SecurityPermission "putProviderProperty.SunJCE"; + permission java.security.SecurityPermission "clearProviderProperties.SunJCE"; + permission java.security.SecurityPermission "removeProviderProperty.SunJCE"; +}; + +grant codeBase "file:${java.home}/lib/ext/sunpkcs11.jar" { + permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; + permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; + permission java.lang.RuntimePermission "loadLibrary.j2pkcs11"; + permission java.util.PropertyPermission "*", "read"; + permission java.security.SecurityPermission "putProviderProperty.*"; + permission java.security.SecurityPermission "clearProviderProperties.*"; + permission java.security.SecurityPermission "removeProviderProperty.*"; + permission java.security.SecurityPermission "getProperty.auth.login.defaultCallbackHandler"; + permission java.security.SecurityPermission "authProvider.*"; + // Needed for reading PKCS11 config file and NSS library check + permission java.io.FilePermission "<<ALL FILES>>", "read"; +}; + +grant codeBase "file:${java.home}/lib/ext/sunmscapi.jar" { + Permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; + permission java.lang.RuntimePermission "loadLibrary.sunmscapi"; + permission java.util.PropertyPermission "*", "read"; + permission java.security.SecurityPermission "putProviderProperty.SunMSCAPI"; + permission java.security.SecurityPermission "clearProviderProperties.SunMSCAPI"; + permission java.security.SecurityPermission "removeProviderProperty.SunMSCAPI"; }; grant codeBase "file:${{java.home}}/jre/lib/rt.jar" {
--- a/test/java/net/URLPermission/policy.2 Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/net/URLPermission/policy.2 Thu Jul 10 22:44:58 2014 +0000 @@ -36,8 +36,57 @@ permission "java.lang.RuntimePermission" "setFactory"; }; -grant codeBase "file:${{java.ext.dirs}}/*" { - permission java.security.AllPermission; +// Normal permissions that aren't granted when run under jtreg +grant codeBase "file:${java.home}/lib/ext/ucrypto.jar" { + permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; + permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; + permission java.lang.RuntimePermission "loadLibrary.j2ucrypto"; + permission java.util.PropertyPermission "*", "read"; + permission java.security.SecurityPermission "putProviderProperty.OracleUcrypto"; + permission java.security.SecurityPermission "clearProviderProperties.OracleUcrypto"; + permission java.security.SecurityPermission "removeProviderProperty.OracleUcrypto"; + permission java.io.FilePermission "${java.home}/lib/security/ucrypto-solaris.cfg", "read"; +}; + +grant codeBase "file:${java.home}/lib/ext/sunec.jar" { + permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; + permission java.lang.RuntimePermission "loadLibrary.sunec"; + permission java.util.PropertyPermission "*", "read"; + permission java.security.SecurityPermission "putProviderProperty.SunEC"; + permission java.security.SecurityPermission "clearProviderProperties.SunEC"; + permission java.security.SecurityPermission "removeProviderProperty.SunEC"; +}; + +grant codeBase "file:${java.home}/lib/ext/sunjce_provider.jar" { + permission java.lang.RuntimePermission "accessClassInPackage.sun.misc"; + permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; + permission java.util.PropertyPermission "*", "read"; + permission java.security.SecurityPermission "putProviderProperty.SunJCE"; + permission java.security.SecurityPermission "clearProviderProperties.SunJCE"; + permission java.security.SecurityPermission "removeProviderProperty.SunJCE"; +}; + +grant codeBase "file:${java.home}/lib/ext/sunpkcs11.jar" { + permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; + permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; + permission java.lang.RuntimePermission "loadLibrary.j2pkcs11"; + permission java.util.PropertyPermission "*", "read"; + permission java.security.SecurityPermission "putProviderProperty.*"; + permission java.security.SecurityPermission "clearProviderProperties.*"; + permission java.security.SecurityPermission "removeProviderProperty.*"; + permission java.security.SecurityPermission "getProperty.auth.login.defaultCallbackHandler"; + permission java.security.SecurityPermission "authProvider.*"; + // Needed for reading PKCS11 config file and NSS library check + permission java.io.FilePermission "<<ALL FILES>>", "read"; +}; + +grant codeBase "file:${java.home}/lib/ext/sunmscapi.jar" { + Permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; + permission java.lang.RuntimePermission "loadLibrary.sunmscapi"; + permission java.util.PropertyPermission "*", "read"; + permission java.security.SecurityPermission "putProviderProperty.SunMSCAPI"; + permission java.security.SecurityPermission "clearProviderProperties.SunMSCAPI"; + permission java.security.SecurityPermission "removeProviderProperty.SunMSCAPI"; }; grant codeBase "file:///export/repos/jdk8/build/linux-x86_64-normal-server-fastdebug/images/j2sdk-image/jre/lib/rt.jar" {
--- a/test/java/net/URLPermission/policy.3 Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/net/URLPermission/policy.3 Thu Jul 10 22:44:58 2014 +0000 @@ -37,9 +37,56 @@ }; // Normal permissions that aren't granted when run under jtreg +grant codeBase "file:${java.home}/lib/ext/ucrypto.jar" { + permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; + permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; + permission java.lang.RuntimePermission "loadLibrary.j2ucrypto"; + permission java.util.PropertyPermission "*", "read"; + permission java.security.SecurityPermission "putProviderProperty.OracleUcrypto"; + permission java.security.SecurityPermission "clearProviderProperties.OracleUcrypto"; + permission java.security.SecurityPermission "removeProviderProperty.OracleUcrypto"; + permission java.io.FilePermission "${java.home}/lib/security/ucrypto-solaris.cfg", "read"; +}; -grant codeBase "file:${{java.ext.dirs}}/*" { - permission java.security.AllPermission; +grant codeBase "file:${java.home}/lib/ext/sunec.jar" { + permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; + permission java.lang.RuntimePermission "loadLibrary.sunec"; + permission java.util.PropertyPermission "*", "read"; + permission java.security.SecurityPermission "putProviderProperty.SunEC"; + permission java.security.SecurityPermission "clearProviderProperties.SunEC"; + permission java.security.SecurityPermission "removeProviderProperty.SunEC"; +}; + +grant codeBase "file:${java.home}/lib/ext/sunjce_provider.jar" { + permission java.lang.RuntimePermission "accessClassInPackage.sun.misc"; + permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; + permission java.util.PropertyPermission "*", "read"; + permission java.security.SecurityPermission "putProviderProperty.SunJCE"; + permission java.security.SecurityPermission "clearProviderProperties.SunJCE"; + permission java.security.SecurityPermission "removeProviderProperty.SunJCE"; +}; + +grant codeBase "file:${java.home}/lib/ext/sunpkcs11.jar" { + permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; + permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; + permission java.lang.RuntimePermission "loadLibrary.j2pkcs11"; + permission java.util.PropertyPermission "*", "read"; + permission java.security.SecurityPermission "putProviderProperty.*"; + permission java.security.SecurityPermission "clearProviderProperties.*"; + permission java.security.SecurityPermission "removeProviderProperty.*"; + permission java.security.SecurityPermission "getProperty.auth.login.defaultCallbackHandler"; + permission java.security.SecurityPermission "authProvider.*"; + // Needed for reading PKCS11 config file and NSS library check + permission java.io.FilePermission "<<ALL FILES>>", "read"; +}; + +grant codeBase "file:${java.home}/lib/ext/sunmscapi.jar" { + Permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; + permission java.lang.RuntimePermission "loadLibrary.sunmscapi"; + permission java.util.PropertyPermission "*", "read"; + permission java.security.SecurityPermission "putProviderProperty.SunMSCAPI"; + permission java.security.SecurityPermission "clearProviderProperties.SunMSCAPI"; + permission java.security.SecurityPermission "removeProviderProperty.SunMSCAPI"; }; grant codeBase "file:${{java.home}}/jre/lib/rt.jar" {
--- a/test/java/nio/charset/spi/default-pol Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/nio/charset/spi/default-pol Thu Jul 10 22:44:58 2014 +0000 @@ -1,9 +1,3 @@ - -// Standard extensions get all permissions by default - -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; // default permissions granted to all domains
--- a/test/java/rmi/activation/Activatable/checkActivateRef/security.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/rmi/activation/Activatable/checkActivateRef/security.policy Thu Jul 10 22:44:58 2014 +0000 @@ -2,10 +2,6 @@ * security policy used by the test process */ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; - grant { // test explicitly acccesses sun.rmi.server.ActivatableRef permission java.lang.RuntimePermission "accessClassInPackage.sun.rmi.server";
--- a/test/java/rmi/activation/Activatable/checkAnnotations/security.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/rmi/activation/Activatable/checkAnnotations/security.policy Thu Jul 10 22:44:58 2014 +0000 @@ -2,10 +2,6 @@ * security policy used by the test process */ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; - grant { // standard test activation permissions permission java.io.FilePermission "..${/}..${/}test.props", "read";
--- a/test/java/rmi/activation/Activatable/checkImplClassLoader/security.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/rmi/activation/Activatable/checkImplClassLoader/security.policy Thu Jul 10 22:44:58 2014 +0000 @@ -2,10 +2,6 @@ * security policy used by the test process */ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; - grant { // need to move some classes out of the tests classpath; specific to this test permission java.io.FilePermission "${test.classes}", "read,write,delete";
--- a/test/java/rmi/activation/Activatable/checkRegisterInLog/security.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/rmi/activation/Activatable/checkRegisterInLog/security.policy Thu Jul 10 22:44:58 2014 +0000 @@ -2,10 +2,6 @@ * security policy used by the test process */ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; - grant { // standard test activation permissions permission java.io.FilePermission "..${/}..${/}test.props", "read";
--- a/test/java/rmi/activation/Activatable/createPrivateActivable/security.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/rmi/activation/Activatable/createPrivateActivable/security.policy Thu Jul 10 22:44:58 2014 +0000 @@ -2,10 +2,6 @@ * security policy used by the test process */ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; - grant { // standard test activation permissions permission java.io.FilePermission "..${/}..${/}test.props", "read";
--- a/test/java/rmi/activation/Activatable/downloadParameterClass/security.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/rmi/activation/Activatable/downloadParameterClass/security.policy Thu Jul 10 22:44:58 2014 +0000 @@ -2,10 +2,6 @@ * security policy used by the test process */ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; - grant { // need to move some classes out of the tests classpath; specific to this test permission java.io.FilePermission "${test.classes}", "read,write,delete";
--- a/test/java/rmi/activation/Activatable/elucidateNoSuchMethod/security.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/rmi/activation/Activatable/elucidateNoSuchMethod/security.policy Thu Jul 10 22:44:58 2014 +0000 @@ -2,10 +2,6 @@ * security policy used by the test process */ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; - grant { // Needed because of bug#: 4182104 permission java.lang.RuntimePermission "modifyThreadGroup";
--- a/test/java/rmi/activation/Activatable/extLoadedImpl/security.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/rmi/activation/Activatable/extLoadedImpl/security.policy Thu Jul 10 22:44:58 2014 +0000 @@ -1,6 +1,3 @@ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; grant { // standard activation permissions
--- a/test/java/rmi/activation/Activatable/forceLogSnapshot/security.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/rmi/activation/Activatable/forceLogSnapshot/security.policy Thu Jul 10 22:44:58 2014 +0000 @@ -2,10 +2,6 @@ * security policy used by the test process */ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; - grant { // standard test activation permissions permission java.io.FilePermission "..${/}..${/}test.props", "read";
--- a/test/java/rmi/activation/Activatable/inactiveGroup/security.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/rmi/activation/Activatable/inactiveGroup/security.policy Thu Jul 10 22:44:58 2014 +0000 @@ -2,10 +2,6 @@ * security policy used by the test process */ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; - grant { // standard test activation permissions permission java.io.FilePermission "..${/}..${/}test.props", "read";
--- a/test/java/rmi/activation/Activatable/nestedActivate/security.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/rmi/activation/Activatable/nestedActivate/security.policy Thu Jul 10 22:44:58 2014 +0000 @@ -2,10 +2,6 @@ * security policy used by the test process */ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; - grant { // standard test activation permissions permission java.io.FilePermission "..${/}..${/}test.props", "read";
--- a/test/java/rmi/activation/Activatable/nonExistentActivatable/security.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/rmi/activation/Activatable/nonExistentActivatable/security.policy Thu Jul 10 22:44:58 2014 +0000 @@ -2,10 +2,6 @@ * security policy used by the test process */ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; - grant { // standard test activation permissions permission java.io.FilePermission "..${/}..${/}test.props", "read";
--- a/test/java/rmi/activation/Activatable/restartCrashedService/security.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/rmi/activation/Activatable/restartCrashedService/security.policy Thu Jul 10 22:44:58 2014 +0000 @@ -2,10 +2,6 @@ * security policy used by the test process */ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; - grant { // standard test activation permissions permission java.io.FilePermission "..${/}..${/}test.props", "read";
--- a/test/java/rmi/activation/Activatable/restartLatecomer/security.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/rmi/activation/Activatable/restartLatecomer/security.policy Thu Jul 10 22:44:58 2014 +0000 @@ -2,10 +2,6 @@ * security policy used by the test process */ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; - grant { // standard test activation permissions permission java.io.FilePermission "..${/}..${/}test.props", "read";
--- a/test/java/rmi/activation/Activatable/restartService/security.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/rmi/activation/Activatable/restartService/security.policy Thu Jul 10 22:44:58 2014 +0000 @@ -2,10 +2,6 @@ * security policy used by the test process */ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; - grant { // standard test activation permissions permission java.io.FilePermission "..${/}..${/}test.props", "read";
--- a/test/java/rmi/activation/Activatable/shutdownGracefully/security.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/rmi/activation/Activatable/shutdownGracefully/security.policy Thu Jul 10 22:44:58 2014 +0000 @@ -2,10 +2,6 @@ * security policy used by the test process */ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; - grant { // standard activation permissions permission java.io.FilePermission "..${/}..${/}test.props", "read";
--- a/test/java/rmi/activation/Activatable/unregisterInactive/security.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/rmi/activation/Activatable/unregisterInactive/security.policy Thu Jul 10 22:44:58 2014 +0000 @@ -2,10 +2,6 @@ * security policy used by the test process */ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; - grant { // standard test activation permissions permission java.io.FilePermission "..${/}..${/}test.props", "read";
--- a/test/java/rmi/activation/ActivationSystem/activeGroup/security.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/rmi/activation/ActivationSystem/activeGroup/security.policy Thu Jul 10 22:44:58 2014 +0000 @@ -1,6 +1,3 @@ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; grant { // standard test activation permissions
--- a/test/java/rmi/activation/ActivationSystem/modifyDescriptor/security.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/rmi/activation/ActivationSystem/modifyDescriptor/security.policy Thu Jul 10 22:44:58 2014 +0000 @@ -2,10 +2,6 @@ * security policy used by the test process */ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; - grant { // standard test activation permissions permission java.io.FilePermission "..${/}..${/}test.props", "read";
--- a/test/java/rmi/activation/ActivationSystem/unregisterGroup/security.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/rmi/activation/ActivationSystem/unregisterGroup/security.policy Thu Jul 10 22:44:58 2014 +0000 @@ -2,10 +2,6 @@ * security policy used by the test process */ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; - grant { // standard test activation permissions permission java.io.FilePermission "..${/}..${/}test.props", "read";
--- a/test/java/rmi/activation/CommandEnvironment/security.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/rmi/activation/CommandEnvironment/security.policy Thu Jul 10 22:44:58 2014 +0000 @@ -2,10 +2,6 @@ * security policy used by the test process */ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; - grant { // standard test activation permissions permission java.io.FilePermission "..${/}..${/}test.props", "read";
--- a/test/java/rmi/dgc/VMID/security.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/rmi/dgc/VMID/security.policy Thu Jul 10 22:44:58 2014 +0000 @@ -1,11 +1,6 @@ /* * security policy used by MarshalForeignStub test */ - -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; - grant { // used by TestLibrary to determine test environment
--- a/test/java/rmi/dgc/dgcImplInsulation/security.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/rmi/dgc/dgcImplInsulation/security.policy Thu Jul 10 22:44:58 2014 +0000 @@ -1,11 +1,6 @@ /* * security policy used by the test process */ - -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; - grant { // so that synchronous DGC dirty call will succeed permission java.net.SocketPermission "*:1024-", "accept,connect,listen";
--- a/test/java/rmi/registry/classPathCodebase/security.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/rmi/registry/classPathCodebase/security.policy Thu Jul 10 22:44:58 2014 +0000 @@ -2,10 +2,6 @@ * security policy used by the test process */ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; - grant { // need to move some classes out of the test's classpath; specific to this test permission java.io.FilePermission "${test.classes}", "read,write,delete";
--- a/test/java/rmi/server/RMIClassLoader/delegateToContextLoader/security.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/rmi/server/RMIClassLoader/delegateToContextLoader/security.policy Thu Jul 10 22:44:58 2014 +0000 @@ -2,10 +2,6 @@ * security policy used by the test process */ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; - grant { // test must create a context loader for the current thread. permission java.lang.RuntimePermission "createClassLoader";
--- a/test/java/rmi/server/RMIClassLoader/downloadArrayClass/security.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/rmi/server/RMIClassLoader/downloadArrayClass/security.policy Thu Jul 10 22:44:58 2014 +0000 @@ -2,10 +2,6 @@ * security policy used by the test process */ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; - grant { permission java.util.PropertyPermission "java.rmi.server.codebase", "read,write";
--- a/test/java/rmi/server/RMIClassLoader/getClassLoader/security.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/rmi/server/RMIClassLoader/getClassLoader/security.policy Thu Jul 10 22:44:58 2014 +0000 @@ -2,10 +2,6 @@ * security policy used by the test process */ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; - grant { // permissions needed to move classes into separate codebase directories permission java.io.FilePermission
--- a/test/java/rmi/server/RMIClassLoader/loadProxyClasses/security.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/rmi/server/RMIClassLoader/loadProxyClasses/security.policy Thu Jul 10 22:44:58 2014 +0000 @@ -2,10 +2,6 @@ * security policy used by the test process */ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; - grant { // permissions needed to move classes into separate codebase directories
--- a/test/java/rmi/server/RMIClassLoader/spi/security.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/rmi/server/RMIClassLoader/spi/security.policy Thu Jul 10 22:44:58 2014 +0000 @@ -2,10 +2,6 @@ * security policy used by the test process */ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; - grant { // permissions needed to move classes into separate codebase directories
--- a/test/java/rmi/server/RMIClassLoader/useCodebaseOnly/security.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/rmi/server/RMIClassLoader/useCodebaseOnly/security.policy Thu Jul 10 22:44:58 2014 +0000 @@ -2,10 +2,6 @@ * security policy used by the test process */ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; - grant { // specific property access needed by this test
--- a/test/java/rmi/server/RMIClassLoader/useGetURLs/security.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/rmi/server/RMIClassLoader/useGetURLs/security.policy Thu Jul 10 22:44:58 2014 +0000 @@ -2,10 +2,6 @@ * security policy used by the test process */ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; - grant { // the test needs to move classfiles out of its classpath permission java.io.FilePermission "${test.classes}", "read,write,delete";
--- a/test/java/rmi/server/RMISocketFactory/useSocketFactory/activatable/security.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/rmi/server/RMISocketFactory/useSocketFactory/activatable/security.policy Thu Jul 10 22:44:58 2014 +0000 @@ -2,10 +2,6 @@ * security policy used by the test process */ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; - grant { // property specifically accessed by this test permission java.util.PropertyPermission "user.name", "read";
--- a/test/java/rmi/server/RMISocketFactory/useSocketFactory/registry/security.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/rmi/server/RMISocketFactory/useSocketFactory/registry/security.policy Thu Jul 10 22:44:58 2014 +0000 @@ -2,10 +2,6 @@ * security policy used by the test process */ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; - grant { // used by TestLibrary to determine extra commandline properties permission java.io.FilePermission "..${/}..${/}test.props", "read";
--- a/test/java/rmi/server/RMISocketFactory/useSocketFactory/unicast/security.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/rmi/server/RMISocketFactory/useSocketFactory/unicast/security.policy Thu Jul 10 22:44:58 2014 +0000 @@ -2,10 +2,6 @@ * security policy used by the test process */ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; - grant { // used by TestLibrary to determine extra commandline properties permission java.io.FilePermission "..${/}..${/}test.props", "read";
--- a/test/java/rmi/server/RemoteServer/setLogPermission/java.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/rmi/server/RemoteServer/setLogPermission/java.policy Thu Jul 10 22:44:58 2014 +0000 @@ -1,7 +1,3 @@ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; - grant { permission java.util.logging.LoggingPermission "control"; };
--- a/test/java/rmi/server/clientStackTrace/security.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/rmi/server/clientStackTrace/security.policy Thu Jul 10 22:44:58 2014 +0000 @@ -2,10 +2,6 @@ * security policy used by the test process */ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; - grant { // test needs to export rmid and communicate with objects on arbitrary ports permission java.net.SocketPermission "*:1024-", "connect,accept,listen";
--- a/test/java/rmi/server/useCustomRef/security.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/rmi/server/useCustomRef/security.policy Thu Jul 10 22:44:58 2014 +0000 @@ -2,10 +2,6 @@ * security policy used by the test process */ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; - grant { // the test uses a class in the package sun.rmi.server permission java.lang.RuntimePermission "accessClassInPackage.sun.rmi.registry";
--- a/test/java/rmi/transport/checkLeaseInfoLeak/security.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/rmi/transport/checkLeaseInfoLeak/security.policy Thu Jul 10 22:44:58 2014 +0000 @@ -2,10 +2,6 @@ * security policy used by the test process */ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; - grant { // used by TestLibrary to determine extra commandline properties permission java.io.FilePermission "..${/}..${/}test.props", "read";
--- a/test/java/rmi/transport/dgcDeadLock/security.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/rmi/transport/dgcDeadLock/security.policy Thu Jul 10 22:44:58 2014 +0000 @@ -2,10 +2,6 @@ * security policy used by the test process */ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; - grant { // used by TestLibrary to determine extra commandline properties permission java.io.FilePermission "..${/}..${/}test.props", "read";
--- a/test/java/rmi/transport/httpSocket/security.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/rmi/transport/httpSocket/security.policy Thu Jul 10 22:44:58 2014 +0000 @@ -1,6 +1,3 @@ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; grant { permission java.net.SocketPermission "*:1024-", "accept,connect,listen";
--- a/test/java/security/KeyRep/Serial.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/security/KeyRep/Serial.policy Thu Jul 10 22:44:58 2014 +0000 @@ -1,5 +1,10 @@ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; +grant codeBase "file:${java.home}/lib/ext/sunjce_provider.jar" { + permission java.lang.RuntimePermission "accessClassInPackage.sun.misc"; + permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; + permission java.util.PropertyPermission "*", "read"; + permission java.security.SecurityPermission "putProviderProperty.SunJCE"; + permission java.security.SecurityPermission "clearProviderProperties.SunJCE"; + permission java.security.SecurityPermission "removeProviderProperty.SunJCE"; }; grant {
--- a/test/java/security/KeyRep/SerialOld.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/security/KeyRep/SerialOld.policy Thu Jul 10 22:44:58 2014 +0000 @@ -1,5 +1,53 @@ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; +grant codeBase "file:${java.home}/lib/ext/ucrypto.jar" { + permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; + permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; + permission java.lang.RuntimePermission "loadLibrary.j2ucrypto"; + permission java.util.PropertyPermission "*", "read"; + permission java.security.SecurityPermission "putProviderProperty.OracleUcrypto"; + permission java.security.SecurityPermission "clearProviderProperties.OracleUcrypto"; + permission java.security.SecurityPermission "removeProviderProperty.OracleUcrypto"; + permission java.io.FilePermission "${java.home}/lib/security/ucrypto-solaris.cfg", "read"; +}; + +grant codeBase "file:${java.home}/lib/ext/sunec.jar" { + permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; + permission java.lang.RuntimePermission "loadLibrary.sunec"; + permission java.util.PropertyPermission "*", "read"; + permission java.security.SecurityPermission "putProviderProperty.SunEC"; + permission java.security.SecurityPermission "clearProviderProperties.SunEC"; + permission java.security.SecurityPermission "removeProviderProperty.SunEC"; +}; + +grant codeBase "file:${java.home}/lib/ext/sunjce_provider.jar" { + permission java.lang.RuntimePermission "accessClassInPackage.sun.misc"; + permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; + permission java.util.PropertyPermission "*", "read"; + permission java.security.SecurityPermission "putProviderProperty.SunJCE"; + permission java.security.SecurityPermission "clearProviderProperties.SunJCE"; + permission java.security.SecurityPermission "removeProviderProperty.SunJCE"; +}; + +grant codeBase "file:${java.home}/lib/ext/sunpkcs11.jar" { + permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; + permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; + permission java.lang.RuntimePermission "loadLibrary.j2pkcs11"; + permission java.util.PropertyPermission "*", "read"; + permission java.security.SecurityPermission "putProviderProperty.*"; + permission java.security.SecurityPermission "clearProviderProperties.*"; + permission java.security.SecurityPermission "removeProviderProperty.*"; + permission java.security.SecurityPermission "getProperty.auth.login.defaultCallbackHandler"; + permission java.security.SecurityPermission "authProvider.*"; + // Needed for reading PKCS11 config file and NSS library check + permission java.io.FilePermission "<<ALL FILES>>", "read"; +}; + +grant codeBase "file:${java.home}/lib/ext/sunmscapi.jar" { + Permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; + permission java.lang.RuntimePermission "loadLibrary.sunmscapi"; + permission java.util.PropertyPermission "*", "read"; + permission java.security.SecurityPermission "putProviderProperty.SunMSCAPI"; + permission java.security.SecurityPermission "clearProviderProperties.SunMSCAPI"; + permission java.security.SecurityPermission "removeProviderProperty.SunMSCAPI"; }; grant { @@ -8,11 +56,11 @@ permission java.util.PropertyPermission "test.src", "read"; permission java.lang.RuntimePermission - "accessClassInPackage.sun.security.provider"; + "accessClassInPackage.sun.security.provider"; permission java.lang.RuntimePermission - "accessClassInPackage.sun.security.pkcs"; + "accessClassInPackage.sun.security.pkcs"; permission java.lang.RuntimePermission - "accessClassInPackage.sun.security.x509"; + "accessClassInPackage.sun.security.x509"; permission java.lang.RuntimePermission - "accessClassInPackage.sun.security.rsa"; + "accessClassInPackage.sun.security.rsa"; };
--- a/test/java/security/Policy/GetInstance/GetInstance.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/security/Policy/GetInstance/GetInstance.policy Thu Jul 10 22:44:58 2014 +0000 @@ -1,6 +1,3 @@ -grant codeBase "file:${{java.ext.dirs}}/*" { - permission java.security.AllPermission; -}; grant { permission java.security.SecurityPermission
--- a/test/java/security/Policy/GetInstance/GetInstance.policyURL Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/security/Policy/GetInstance/GetInstance.policyURL Thu Jul 10 22:44:58 2014 +0000 @@ -1,7 +1,3 @@ -grant codeBase "file:${{java.ext.dirs}}/*" { - permission java.security.AllPermission; -}; - grant { permission java.security.SecurityPermission "GetInstanceTest"; };
--- a/test/java/security/Policy/GetInstance/GetInstanceSecurity.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/security/Policy/GetInstance/GetInstanceSecurity.policy Thu Jul 10 22:44:58 2014 +0000 @@ -1,7 +1,3 @@ -grant codeBase "file:${{java.ext.dirs}}/*" { - permission java.security.AllPermission; -}; - grant { // do not grant this: //
--- a/test/java/security/Security/AddProvider.policy.1 Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/security/Security/AddProvider.policy.1 Thu Jul 10 22:44:58 2014 +0000 @@ -1,7 +1,3 @@ -grant codeBase "file:${{java.ext.dirs}}/*" { - permission java.security.AllPermission; -}; - grant { permission java.security.SecurityPermission "insertProvider"; };
--- a/test/java/security/Security/AddProvider.policy.2 Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/security/Security/AddProvider.policy.2 Thu Jul 10 22:44:58 2014 +0000 @@ -1,6 +1,3 @@ -grant codeBase "file:${{java.ext.dirs}}/*" { - permission java.security.AllPermission; -}; grant { permission java.security.SecurityPermission "insertProvider.Test1";
--- a/test/java/security/Security/AddProvider.policy.3 Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/security/Security/AddProvider.policy.3 Thu Jul 10 22:44:58 2014 +0000 @@ -1,6 +1,3 @@ -grant codeBase "file:${{java.ext.dirs}}/*" { - permission java.security.AllPermission; -}; grant { permission java.security.SecurityPermission "insertProvider.*";
--- a/test/java/security/Security/removing/RemoveStaticProvider.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/java/security/Security/removing/RemoveStaticProvider.policy Thu Jul 10 22:44:58 2014 +0000 @@ -1,10 +1,15 @@ + +grant codeBase "file:${java.home}/lib/ext/sunjce_provider.jar" { + permission java.lang.RuntimePermission "accessClassInPackage.sun.misc"; + permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; + permission java.util.PropertyPermission "*", "read"; + permission java.security.SecurityPermission "putProviderProperty.SunJCE"; + permission java.security.SecurityPermission "clearProviderProperties.SunJCE"; + permission java.security.SecurityPermission "removeProviderProperty.SunJCE"; +}; + grant { permission java.security.SecurityPermission "removeProvider.SunJCE"; permission java.security.SecurityPermission "insertProvider.SunJCE"; }; -// Standard extensions get all permissions -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; -
--- a/test/javax/security/auth/login/Configuration/GetInstanceSecurity.grantedPolicy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/javax/security/auth/login/Configuration/GetInstanceSecurity.grantedPolicy Thu Jul 10 22:44:58 2014 +0000 @@ -1,7 +1,3 @@ -grant codeBase "file:${{java.ext.dirs}}/*" { - permission java.security.AllPermission; -}; - grant { permission java.util.PropertyPermission "test.src", "read"; permission java.io.FilePermission "${test.src}${/}*", "read";
--- a/test/javax/security/auth/login/Configuration/GetInstanceSecurity.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/javax/security/auth/login/Configuration/GetInstanceSecurity.policy Thu Jul 10 22:44:58 2014 +0000 @@ -1,6 +1,3 @@ -grant codeBase "file:${{java.ext.dirs}}/*" { - permission java.security.AllPermission; -}; grant {
--- a/test/jdk/nio/zipfs/test.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/jdk/nio/zipfs/test.policy Thu Jul 10 22:44:58 2014 +0000 @@ -4,10 +4,6 @@ permission java.util.PropertyPermission "*", "read"; }; -grant codeBase "file:${java.home}/lib/ext/sunpkcs11.jar" { - permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; -}; - grant { permission java.io.FilePermission "<<ALL FILES>>","read,write,delete"; permission java.util.PropertyPermission "test.jdk","read";
--- a/test/sun/net/www/http/HttpClient/IsKeepingAlive.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/sun/net/www/http/HttpClient/IsKeepingAlive.policy Thu Jul 10 22:44:58 2014 +0000 @@ -5,13 +5,6 @@ permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www.http"; }; -// From system java.policy -// Standard extensions get all permissions by default - -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; - // default permissions granted to all domains grant {
--- a/test/sun/net/www/http/HttpClient/OpenServer.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/sun/net/www/http/HttpClient/OpenServer.policy Thu Jul 10 22:44:58 2014 +0000 @@ -5,13 +5,6 @@ permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www.http"; }; -// From system java.policy -// Standard extensions get all permissions by default - -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; - // default permissions granted to all domains grant {
--- a/test/sun/rmi/server/MarshalOutputStream/marshalForeignStub/security.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/sun/rmi/server/MarshalOutputStream/marshalForeignStub/security.policy Thu Jul 10 22:44:58 2014 +0000 @@ -2,10 +2,6 @@ * security policy used by MarshalForeignStub test */ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; - grant { // used by TestLibrary to determine test environment
--- a/test/sun/security/pkcs11/KeyStore/Basic.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/sun/security/pkcs11/KeyStore/Basic.policy Thu Jul 10 22:44:58 2014 +0000 @@ -1,5 +1,15 @@ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; +grant codeBase "file:${java.home}/lib/ext/sunpkcs11.jar" { + permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; + permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; + permission java.lang.RuntimePermission "loadLibrary.j2pkcs11"; + permission java.util.PropertyPermission "*", "read"; + permission java.security.SecurityPermission "putProviderProperty.*"; + permission java.security.SecurityPermission "clearProviderProperties.*"; + permission java.security.SecurityPermission "removeProviderProperty.*"; + permission java.security.SecurityPermission "getProperty.auth.login.defaultCallbackHandler"; + permission java.security.SecurityPermission "authProvider.*"; + // Needed for reading PKCS11 config file and NSS library check + permission java.io.FilePermission "<<ALL FILES>>", "read"; }; grant codebase "file:${user.dir}${/}loader.jar" {
--- a/test/sun/security/pkcs11/Provider/Login.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/sun/security/pkcs11/Provider/Login.policy Thu Jul 10 22:44:58 2014 +0000 @@ -1,5 +1,16 @@ -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; +grant codeBase "file:${java.home}/lib/ext/sunpkcs11.jar" { + permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; + permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch"; + permission java.lang.RuntimePermission "loadLibrary.j2pkcs11"; + permission java.util.PropertyPermission "*", "read"; + permission java.security.SecurityPermission "putProviderProperty.*"; + permission java.security.SecurityPermission "clearProviderProperties.*"; + permission java.security.SecurityPermission "removeProviderProperty.*"; + permission java.security.SecurityPermission "getProperty.auth.login.defaultCallbackHandler"; + + permission java.security.SecurityPermission "authProvider.*"; + // Needed for reading PKCS11 config file and NSS library check + permission java.io.FilePermission "<<ALL FILES>>", "read"; }; grant {
--- a/test/sun/security/provider/PolicyFile/Alias.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/sun/security/provider/PolicyFile/Alias.policy Thu Jul 10 22:44:58 2014 +0000 @@ -10,9 +10,3 @@ principal com.sun.security.auth.UnixPrincipal "unix" { permission java.security.SecurityPermission "ALIAS"; }; - -// Standard extensions get all permissions -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; -
--- a/test/sun/security/provider/PolicyFile/AliasExpansion.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/sun/security/provider/PolicyFile/AliasExpansion.policy Thu Jul 10 22:44:58 2014 +0000 @@ -20,9 +20,3 @@ permission java.security.SecurityPermission "${{alias}}"; }; - -// Standard extensions get all permissions -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; -
--- a/test/sun/security/provider/PolicyFile/TrustedCert.policy Thu Jul 10 12:40:48 2014 -0700 +++ b/test/sun/security/provider/PolicyFile/TrustedCert.policy Thu Jul 10 22:44:58 2014 +0000 @@ -9,8 +9,3 @@ permission java.util.PropertyPermission "foo", "read"; }; -// Standard extensions get all permissions -grant codeBase "file:${java.home}/lib/ext/*" { - permission java.security.AllPermission; -}; -