changeset 14375:160221b05c27

8155513: Deprivilege jdk.charsets Reviewed-by: alanb, chegar
author mchung
date Thu, 05 May 2016 22:39:36 -0700
parents 2d42c4cfd5ac
children 335bbeff90c5
files src/java.base/share/conf/security/java.policy test/java/nio/charset/spi/basic.sh test/java/nio/charset/spi/default-pol
diffstat 3 files changed, 18 insertions(+), 1 deletions(-) [+]
line wrap: on
line diff
--- a/src/java.base/share/conf/security/java.policy	Fri May 06 11:38:44 2016 +0800
+++ b/src/java.base/share/conf/security/java.policy	Thu May 05 22:39:36 2016 -0700
@@ -12,6 +12,15 @@
         permission java.security.AllPermission;
 };
 
+grant codeBase "jrt:/jdk.charsets" {
+        permission java.io.FilePermission "${java.home}/-", "read";
+        permission java.util.PropertyPermission "os.name", "read";
+        permission java.util.PropertyPermission "sun.nio.cs.map", "read";
+        permission java.lang.RuntimePermission "charsetProvider";
+        permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc";
+        permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.cs";
+};
+
 grant codeBase "jrt:/jdk.crypto.ucrypto" {
         permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
         permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
--- a/test/java/nio/charset/spi/basic.sh	Fri May 06 11:38:44 2016 +0800
+++ b/test/java/nio/charset/spi/basic.sh	Thu May 05 22:39:36 2016 -0700
@@ -113,7 +113,7 @@
 		     av="$av -Djava.security.manager -Djava.security.policy==$TESTSRC/default-pol";;
       cp-policy)     css="$CSS FOO";
 		     av="$av -Djava.security.manager
-		         -Djava.security.policy==$TESTSRC/charsetProvider.sp";;
+		         -Djava.security.policy=$TESTSRC/charsetProvider.sp";;
     esac
     if (set -x; $JAVA ${TESTVMOPTS} $av Test $css) 2>&1; then
       continue;
--- a/test/java/nio/charset/spi/default-pol	Fri May 06 11:38:44 2016 +0800
+++ b/test/java/nio/charset/spi/default-pol	Thu May 05 22:39:36 2016 -0700
@@ -1,3 +1,11 @@
+grant codeBase "jrt:/jdk.charsets" {
+        permission java.io.FilePermission "${java.home}/-", "read";
+        permission java.util.PropertyPermission "os.name", "read";
+        permission java.util.PropertyPermission "sun.nio.cs.map", "read";
+        permission java.lang.RuntimePermission "charsetProvider";
+        permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc";
+        permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.cs";
+};
 
 // default permissions granted to all domains