changeset 11374:9b199662b604

8057645: Deprivilege JAX-WS, JAXB, JAF to extension class loader Reviewed-by: alanb, dfuchs, lancea, mkos
author mchung
date Fri, 06 Feb 2015 15:42:07 -0800
parents 1f2da3273bd8
children 6b1204c1d626 cf29d39bf0de
files make/src/classes/build/tools/module/boot.modules make/src/classes/build/tools/module/ext.modules src/java.base/share/conf/security/java.policy
diffstat 3 files changed, 27 insertions(+), 4 deletions(-) [+]
line wrap: on
line diff
--- a/make/src/classes/build/tools/module/boot.modules	Fri Feb 06 17:29:11 2015 -0500
+++ b/make/src/classes/build/tools/module/boot.modules	Fri Feb 06 15:42:07 2015 -0800
@@ -1,7 +1,5 @@
 java.base
 java.desktop
-java.activation
-java.annotations.common
 java.compiler
 java.corba
 java.instrument
@@ -18,9 +16,7 @@
 java.sql.rowset
 java.transaction
 java.xml
-java.xml.bind
 java.xml.crypto
-java.xml.ws
 jdk.charsets
 jdk.deploy
 jdk.deploy.osx
--- a/make/src/classes/build/tools/module/ext.modules	Fri Feb 06 17:29:11 2015 -0500
+++ b/make/src/classes/build/tools/module/ext.modules	Fri Feb 06 15:42:07 2015 -0800
@@ -1,3 +1,7 @@
+java.activation
+java.annotations.common
+java.xml.bind
+java.xml.ws
 jdk.crypto.ec
 jdk.crypto.mscapi
 jdk.crypto.pkcs11
--- a/src/java.base/share/conf/security/java.policy	Fri Feb 06 17:29:11 2015 -0500
+++ b/src/java.base/share/conf/security/java.policy	Fri Feb 06 15:42:07 2015 -0800
@@ -55,6 +55,29 @@
         permission java.io.FilePermission "<<ALL FILES>>", "read";
 };
 
+grant codeBase "jrt:/java.xml.ws" {
+        permission java.lang.RuntimePermission "accessClassInPackage.com.sun.xml.internal.*";
+        permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal";
+        permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal.*";
+        permission java.lang.RuntimePermission "accessClassInPackage.com.sun.org.apache.xerces.internal.*";
+        permission java.lang.RuntimePermission "accessDeclaredMembers";
+        permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
+        permission java.util.PropertyPermission "*", "read";
+};
+
+grant codeBase "jrt:/java.xml.bind" {
+        permission java.lang.RuntimePermission "accessClassInPackage.com.sun.xml.internal.*";
+        permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal";
+        permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal.*";
+        permission java.lang.RuntimePermission "accessDeclaredMembers";
+        permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
+        permission java.util.PropertyPermission "*", "read";
+};
+
+grant codeBase "jrt:/java.activation" {
+        permission java.security.AllPermission;
+};
+
 // default permissions granted to all domains
 
 grant {