changeset 17266:8730c04eac90

8159752: Grant de-privileged module permissions by default with java.security.policy override option Reviewed-by: alanb, chegar, mchung, tbell, weijun
author mullan
date Fri, 29 Jul 2016 19:00:54 -0400
parents f04462601c21
children f28d7d2c4688
files make/copy/Copy-java.base.gmk src/java.base/share/classes/sun/security/provider/PolicyFile.java src/java.base/share/conf/security/java.policy src/java.base/share/lib/security/default.policy src/java.base/solaris/lib/security/default.policy src/java.base/windows/conf/security/java.policy src/java.base/windows/lib/security/default.policy test/sun/security/provider/PolicyFile/DefaultPolicy.java test/sun/security/provider/PolicyFile/Extra.policy
diffstat 9 files changed, 437 insertions(+), 359 deletions(-) [+]
line wrap: on
line diff
--- a/make/copy/Copy-java.base.gmk	Fri Jul 29 09:34:20 2016 -0700
+++ b/make/copy/Copy-java.base.gmk	Fri Jul 29 19:00:54 2016 -0400
@@ -166,18 +166,7 @@
 POLICY_SRC := $(JDK_TOPDIR)/src/java.base/share/conf/security/java.policy
 POLICY_DST := $(CONF_DST_DIR)/security/java.policy
 
-POLICY_SRC_LIST :=
-
-ifeq ($(OPENJDK_TARGET_OS), windows)
-  POLICY_SRC_LIST += $(JDK_TOPDIR)/src/java.base/$(OPENJDK_TARGET_OS)/conf/security/java.policy
-endif
-
-# Allow imported modules to modify the java.policy
-ifneq ($(IMPORT_MODULES_CONF), )
-  POLICY_SRC_LIST += $(wildcard $(IMPORT_MODULES_CONF)/java.base/security/java.policy.extra)
-endif
-
-POLICY_SRC_LIST += $(POLICY_SRC)
+POLICY_SRC_LIST := $(POLICY_SRC)
 
 $(POLICY_DST): $(POLICY_SRC_LIST)
 	$(MKDIR) -p $(@D)
@@ -189,6 +178,30 @@
 
 ################################################################################
 
+DEF_POLICY_SRC := $(JDK_TOPDIR)/src/java.base/share/lib/security/default.policy
+DEF_POLICY_DST := $(LIB_DST_DIR)/security/default.policy
+
+DEF_POLICY_SRC_LIST := $(DEF_POLICY_SRC)
+
+ifeq ($(OPENJDK_TARGET_OS), windows)
+  DEF_POLICY_SRC_LIST += $(JDK_TOPDIR)/src/java.base/$(OPENJDK_TARGET_OS)/lib/security/default.policy
+endif
+
+# Allow imported modules to modify the java.policy
+ifneq ($(IMPORT_MODULES_CONF), )
+  DEF_POLICY_SRC_LIST += $(wildcard $(IMPORT_MODULES_CONF)/java.base/security/java.policy.extra)
+endif
+
+$(DEF_POLICY_DST): $(DEF_POLICY_SRC_LIST)
+	$(MKDIR) -p $(@D)
+	$(RM) $@ $@.tmp
+	$(foreach f,$(DEF_POLICY_SRC_LIST),$(CAT) $(f) >> $@.tmp;)
+	$(MV) $@.tmp $@
+
+TARGETS += $(DEF_POLICY_DST)
+
+################################################################################
+
 ifeq ($(CACERTS_FILE), )
   CACERTS_FILE := $(JDK_TOPDIR)/src/java.base/share/conf/security/cacerts
 endif
--- a/src/java.base/share/classes/sun/security/provider/PolicyFile.java	Fri Jul 29 09:34:20 2016 -0700
+++ b/src/java.base/share/classes/sun/security/provider/PolicyFile.java	Fri Jul 29 19:00:54 2016 -0400
@@ -30,6 +30,7 @@
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.net.URI;
+import java.nio.file.Paths;
 import java.util.*;
 import java.text.MessageFormat;
 import java.security.*;
@@ -52,18 +53,17 @@
 import sun.net.www.ParseUtil;
 
 /**
- * This class represents a default implementation for
- * <code>java.security.Policy</code>.
+ * This class represents a default Policy implementation for the
+ * "JavaPolicy" type.
  *
  * Note:
  * For backward compatibility with JAAS 1.0 it loads
- * both java.auth.policy and java.policy. However it
- * is recommended that java.auth.policy be not used
- * and the java.policy contain all grant entries including
- * that contain principal-based entries.
+ * both java.auth.policy and java.policy. However, it
+ * is recommended that java.auth.policy not be used
+ * and that java.policy contain all grant entries including
+ * those that contain principal-based entries.
  *
- *
- * <p> This object stores the policy for entire Java runtime,
+ * <p> This object stores the policy for the entire Java runtime,
  * and is the amalgamation of multiple static policy
  * configurations that resides in files.
  * The algorithm for locating the policy file(s) and reading their
@@ -71,6 +71,14 @@
  *
  * <ol>
  * <li>
+ *   Read in and load the default policy file named
+ *   &lt;JAVA_HOME&gt;/lib/security/default.policy. &lt;JAVA_HOME&gt; refers
+ *   to the value of the java.home system property, and specifies the directory
+ *   where the JRE is installed. This policy file grants permissions to the
+ *   modules loaded by the platform class loader. If the default policy file
+ *   cannot be loaded, a fatal InternalError is thrown as these permissions
+ *   are needed in order for the runtime to operate correctly.
+ * <li>
  *   Loop through the <code>java.security.Security</code> properties,
  *   <i>policy.url.1</i>, <i>policy.url.2</i>, ...,
  *   <i>policy.url.X</i>" and
@@ -78,13 +86,14 @@
  *   <i>auth.policy.url.X</i>".  These properties are set
  *   in the Java security properties file, which is located in the file named
  *   &lt;JAVA_HOME&gt;/conf/security/java.security.
- *   &lt;JAVA_HOME&gt; refers to the value of the java.home system property,
- *   and specifies the directory where the JRE is installed.
  *   Each property value specifies a <code>URL</code> pointing to a
  *   policy file to be loaded.  Read in and load each policy.
  *
  *   <i>auth.policy.url</i> is supported only for backward compatibility.
  *
+ *   If none of these could be loaded, use a builtin static policy
+ *   equivalent to the conf/security/java.policy file.
+ *
  * <li>
  *   The <code>java.lang.System</code> property <i>java.security.policy</i>
  *   may also be set to a <code>URL</code> pointing to another policy file
@@ -107,10 +116,13 @@
  *   <i>java.security.auth.policy</i> is supported only for backward
  *   compatibility.
  *
- *   If the  <i>java.security.policy</i> or
+ *   If the <i>java.security.policy</i> or
  *   <i>java.security.auth.policy</i> property is defined using
- *   "==" (rather than "="), then ignore all other specified
- *   policies and only load this policy.
+ *   "==" (rather than "="), then load the specified policy file and ignore
+ *   all other configured policies. Note, that the default.policy file is
+ *   also loaded, as specified in the first step of the algorithm above.
+ *   If the specified policy file cannot be loaded, use a builtin static policy
+ *   equivalent to the default conf/security/java.policy file.
  * </ol>
  *
  * Each policy file consists of one or more grant entries, each of
@@ -178,7 +190,6 @@
  * "FooSoft" alias, or if XXX <code>Foo.class</code> is a
  * system class (i.e., is found on the CLASSPATH).
  *
- *
  * <p> Items that appear in an entry must appear in the specified order
  * (<code>permission</code>, <i>Type</i>, "<i>name</i>", and
  * "<i>action</i>"). An entry is terminated with a semicolon.
@@ -246,7 +257,6 @@
  *  with all the principals associated with the <code>Subject</code>
  *  in the current <code>AccessControlContext</code>.
  *
- *
  * <p> For PrivateCredentialPermissions, you can also use "<b>self</b>"
  * instead of "<b>${{self}}</b>". However the use of "<b>self</b>" is
  * deprecated in favour of "<b>${{self}}</b>".
@@ -278,7 +288,6 @@
     private URL url;
 
     // for use with the reflection API
-
     private static final Class<?>[] PARAMS0 = { };
     private static final Class<?>[] PARAMS1 = { String.class };
     private static final Class<?>[] PARAMS2 = { String.class, String.class };
@@ -294,6 +303,23 @@
     private static AtomicReference<Set<URL>> badPolicyURLs =
         new AtomicReference<>(new HashSet<>());
 
+    // The default.policy file
+    private static final URL DEFAULT_POLICY_URL =
+        AccessController.doPrivileged(new PrivilegedAction<>() {
+            @Override
+            public URL run() {
+                String sep = File.separator;
+                try {
+                    return Paths.get(System.getProperty("java.home"),
+                                     "lib", "security",
+                                     "default.policy").toUri().toURL();
+                } catch (MalformedURLException mue) {
+                    // should not happen
+                    throw new Error("Malformed default.policy URL: " + mue);
+                }
+            }
+        });
+
     /**
      * Initializes the Policy object and reads the default policy
      * configuration file(s) into the Policy object.
@@ -315,108 +341,15 @@
      * Initializes the Policy object and reads the default policy
      * configuration file(s) into the Policy object.
      *
-     * The algorithm for locating the policy file(s) and reading their
-     * information into the Policy object is:
-     * <pre>
-     *   loop through the Security Properties named "policy.url.1",
-     *  ""policy.url.2", "auth.policy.url.1",  "auth.policy.url.2" etc, until
-     *   you don't find one. Each of these specify a policy file.
-     *
-     *   if none of these could be loaded, use a builtin static policy
-     *      equivalent to the default conf/security/java.policy file.
-     *
-     *   if the system property "java.policy" or "java.auth.policy" is defined
-     * (which is the
-     *      case when the user uses the -D switch at runtime), and
-     *     its use is allowed by the security property file,
-     *     also load it.
-     * </pre>
-     *
-     * Each policy file consists of one or more grant entries, each of
-     * which consists of a number of permission entries.
-     * <pre>
-     *   grant signedBy "<i>alias</i>", codeBase "<i>URL</i>" {
-     *     permission <i>Type</i> "<i>name</i>", "<i>action</i>",
-     *         signedBy "<i>alias</i>";
-     *     ....
-     *     permission <i>Type</i> "<i>name</i>", "<i>action</i>",
-     *         signedBy "<i>alias</i>";
-     *   };
-     *
-     * </pre>
-     *
-     * All non-italicized items above must appear as is (although case
-     * doesn't matter and some are optional, as noted below).
-     * Italicized items represent variable values.
-     *
-     * <p> A grant entry must begin with the word <code>grant</code>.
-     * The <code>signedBy</code> and <code>codeBase</code> name/value
-     * pairs are optional.
-     * If they are not present, then any signer (including unsigned code)
-     * will match, and any codeBase will match.
-     *
-     * <p> A permission entry must begin with the word <code>permission</code>.
-     * The word <code><i>Type</i></code> in the template above would actually
-     * be a specific permission type, such as
-     * <code>java.io.FilePermission</code> or
-     * <code>java.lang.RuntimePermission</code>.
-     *
-     * <p>The "<i>action</i>" is required for
-     * many permission types, such as <code>java.io.FilePermission</code>
-     * (where it specifies what type of file access is permitted).
-     * It is not required for categories such as
-     * <code>java.lang.RuntimePermission</code>
-     * where it is not necessary - you either have the
-     * permission specified by the <code>"<i>name</i>"</code>
-     * value following the type name or you don't.
-     *
-     * <p>The <code>signedBy</code> name/value pair for a permission entry
-     * is optional. If present, it indicates a signed permission. That is,
-     * the permission class itself must be signed by the given alias in
-     * order for it to be granted. For example,
-     * suppose you have the following grant entry:
-     *
-     * <pre>
-     *   grant {
-     *     permission Foo "foobar", signedBy "FooSoft";
-     *   }
-     * </pre>
-     *
-     * <p>Then this permission of type <i>Foo</i> is granted if the
-     * <code>Foo.class</code> permission has been signed by the
-     * "FooSoft" alias, or if <code>Foo.class</code> is a
-     * system class (i.e., is found on the CLASSPATH).
-     *
-     * <p>Items that appear in an entry must appear in the specified order
-     * (<code>permission</code>, <i>Type</i>, "<i>name</i>", and
-     * "<i>action</i>"). An entry is terminated with a semicolon.
-     *
-     * <p>Case is unimportant for the identifiers (<code>permission</code>,
-     * <code>signedBy</code>, <code>codeBase</code>, etc.) but is
-     * significant for the <i>Type</i>
-     * or for any string that is passed in as a value.
-     *
-     * <p>An example of two entries in a policy configuration file is
-     * <pre>
-     *   //  if the code is signed by "Duke", grant it read/write to all
-     *   // files in /tmp.
-     *
-     *   grant signedBy "Duke" {
-     *          permission java.io.FilePermission "/tmp/*", "read,write";
-     *   };
-     *
-     *   // grant everyone the following permission
-     *
-     *   grant {
-     *     permission java.util.PropertyPermission "java.vendor";
-     *   };
-     *  </pre>
+     * See the class description for details on the algorithm used to
+     * initialize the Policy object.
      */
     private void init(URL url) {
         // Properties are set once for each init(); ignore changes between
         // between diff invocations of initPolicyFile(policy, url, info).
         String numCacheStr =
-          AccessController.doPrivileged(new PrivilegedAction<String>() {
+          AccessController.doPrivileged(new PrivilegedAction<>() {
+            @Override
             public String run() {
                 expandProperties = "true".equalsIgnoreCase
                     (Security.getProperty("policy.expandProperties"));
@@ -445,19 +378,32 @@
 
     private void initPolicyFile(final PolicyInfo newInfo, final URL url) {
 
+        // always load default.policy
+        if (debug != null) {
+            debug.println("reading " + DEFAULT_POLICY_URL);
+        }
+        AccessController.doPrivileged(new PrivilegedAction<>() {
+            @Override
+            public Void run() {
+                init(DEFAULT_POLICY_URL, newInfo, true);
+                return null;
+            }
+        });
+
         if (url != null) {
 
             /**
              * If the caller specified a URL via Policy.getInstance,
-             * we only read from that URL
+             * we only read from default.policy and that URL.
              */
 
             if (debug != null) {
-                debug.println("reading "+url);
+                debug.println("reading " + url);
             }
-            AccessController.doPrivileged(new PrivilegedAction<Void>() {
+            AccessController.doPrivileged(new PrivilegedAction<>() {
+                @Override
                 public Void run() {
-                    if (init(url, newInfo) == false) {
+                    if (init(url, newInfo, false) == false) {
                         // use static policy if all else fails
                         initStaticPolicy(newInfo);
                     }
@@ -472,7 +418,7 @@
              * Read from URLs listed in the java.security properties file.
              *
              * We call initPolicyFile with POLICY, POLICY_URL and then
-             * call it with AUTH_POLICY and AUTH_POLICY_URL
+             * call it with AUTH_POLICY and AUTH_POLICY_URL.
              * So first we will process the JAVA standard policy
              * and then process the JAVA AUTH Policy.
              * This is for backward compatibility as well as to handle
@@ -493,9 +439,10 @@
     }
 
     private boolean initPolicyFile(final String propname, final String urlname,
-                                final PolicyInfo newInfo) {
-        Boolean loadedPolicy =
-            AccessController.doPrivileged(new PrivilegedAction<Boolean>() {
+                                   final PolicyInfo newInfo) {
+        boolean loadedPolicy =
+            AccessController.doPrivileged(new PrivilegedAction<>() {
+            @Override
             public Boolean run() {
                 boolean loaded_policy = false;
 
@@ -519,10 +466,12 @@
                             } else {
                                 policyURL = new URL(extra_policy);
                             }
-                            if (debug != null)
+                            if (debug != null) {
                                 debug.println("reading "+policyURL);
-                            if (init(policyURL, newInfo))
+                            }
+                            if (init(policyURL, newInfo, false)) {
                                 loaded_policy = true;
+                            }
                         } catch (Exception e) {
                             // ignore.
                             if (debug != null) {
@@ -560,10 +509,12 @@
                             policy_url = new URI(expanded_uri).toURL();
                         }
 
-                        if (debug != null)
-                            debug.println("reading "+policy_url);
-                        if (init(policy_url, newInfo))
+                        if (debug != null) {
+                            debug.println("reading " + policy_url);
+                        }
+                        if (init(policy_url, newInfo, false)) {
                             loaded_policy = true;
+                        }
                     } catch (Exception e) {
                         if (debug != null) {
                             debug.println("error reading policy "+e);
@@ -577,7 +528,7 @@
             }
         });
 
-        return loadedPolicy.booleanValue();
+        return loadedPolicy;
     }
 
     /**
@@ -586,7 +537,7 @@
      *
      * @param policyFile the policy Reader object.
      */
-    private boolean init(URL policy, PolicyInfo newInfo) {
+    private boolean init(URL policy, PolicyInfo newInfo, boolean defPolicy) {
 
         // skip parsing policy file if it has been previously parsed and
         // has syntax errors
@@ -597,24 +548,10 @@
             return false;
         }
 
-        boolean success = false;
-        PolicyParser pp = new PolicyParser(expandProperties);
-        InputStreamReader isr = null;
-        try {
+        try (InputStreamReader isr =
+                 getInputStreamReader(PolicyUtil.getInputStream(policy))) {
 
-            // read in policy using UTF-8 by default
-            //
-            // check non-standard system property to see if
-            // the default encoding should be used instead
-
-            if (notUtf8) {
-                isr = new InputStreamReader
-                                (PolicyUtil.getInputStream(policy));
-            } else {
-                isr = new InputStreamReader
-                                (PolicyUtil.getInputStream(policy), "UTF-8");
-            }
-
+            PolicyParser pp = new PolicyParser(expandProperties);
             pp.read(isr);
 
             KeyStore keyStore = null;
@@ -638,7 +575,11 @@
                 PolicyParser.GrantEntry ge = enum_.nextElement();
                 addGrantEntry(ge, keyStore, newInfo);
             }
+            return true;
         } catch (PolicyParser.ParsingException pe) {
+            if (defPolicy) {
+                throw new InternalError("Failed to load default.policy", pe);
+            }
             // record bad policy file to avoid later reparsing it
             badPolicyURLs.updateAndGet(k -> {
                 k.add(policy);
@@ -652,29 +593,38 @@
                 pe.printStackTrace();
             }
         } catch (Exception e) {
+            if (defPolicy) {
+                throw new InternalError("Failed to load default.policy", e);
+            }
             if (debug != null) {
                 debug.println("error parsing "+policy);
                 debug.println(e.toString());
                 e.printStackTrace();
             }
-        } finally {
-            if (isr != null) {
-                try {
-                    isr.close();
-                    success = true;
-                } catch (IOException e) {
-                    // ignore the exception
-                }
-            } else {
-                success = true;
-            }
         }
 
-        return success;
+        return false;
+    }
+
+    private InputStreamReader getInputStreamReader(InputStream is)
+                              throws IOException {
+        /*
+         * Read in policy using UTF-8 by default.
+         *
+         * Check non-standard system property to see if the default encoding
+         * should be used instead.
+         */
+        return (notUtf8)
+            ? new InputStreamReader(is)
+            : new InputStreamReader(is, "UTF-8");
     }
 
     private void initStaticPolicy(final PolicyInfo newInfo) {
-        AccessController.doPrivileged(new PrivilegedAction<Void>() {
+        if (debug != null) {
+            debug.println("Initializing with static permissions");
+        }
+        AccessController.doPrivileged(new PrivilegedAction<>() {
+            @Override
             public Void run() {
                 PolicyEntry pe = new PolicyEntry(new CodeSource(null,
                     (Certificate[]) null));
@@ -1193,7 +1143,8 @@
             return perms;
 
         CodeSource canonCodeSource = AccessController.doPrivileged(
-            new java.security.PrivilegedAction<CodeSource>(){
+            new java.security.PrivilegedAction<>(){
+                @Override
                 public CodeSource run() {
                     return canonicalizeCodebase(cs, true);
                 }
@@ -1220,7 +1171,8 @@
             return perms;
 
         CodeSource canonCodeSource = AccessController.doPrivileged(
-            new java.security.PrivilegedAction<CodeSource>(){
+            new PrivilegedAction<>(){
+                @Override
                 public CodeSource run() {
                     return canonicalizeCodebase(cs, true);
                 }
@@ -1254,7 +1206,8 @@
 
         // check to see if the CodeSource implies
         Boolean imp = AccessController.doPrivileged
-            (new PrivilegedAction<Boolean>() {
+            (new PrivilegedAction<>() {
+            @Override
             public Boolean run() {
                 return entry.getCodeSource().implies(cs);
             }
--- a/src/java.base/share/conf/security/java.policy	Fri Jul 29 09:34:20 2016 -0700
+++ b/src/java.base/share/conf/security/java.policy	Fri Jul 29 19:00:54 2016 -0400
@@ -1,179 +1,31 @@
-// permissions required by each component
-
-grant codeBase "jrt:/java.activation" {
-        permission java.security.AllPermission;
-};
-
-grant codeBase "jrt:/java.corba" {
-        permission java.security.AllPermission;
-};
-
-grant codeBase "jrt:/java.compiler" {
-        permission java.security.AllPermission;
-};
-
-grant codeBase "jrt:/jdk.charsets" {
-        permission java.io.FilePermission "${java.home}/-", "read";
-        permission java.util.PropertyPermission "os.name", "read";
-        permission java.util.PropertyPermission "sun.nio.cs.map", "read";
-        permission java.lang.RuntimePermission "charsetProvider";
-        permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc";
-        permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.cs";
-};
-
-grant codeBase "jrt:/jdk.crypto.ucrypto" {
-        permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
-        permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
-        permission java.lang.RuntimePermission "loadLibrary.j2ucrypto";
-        // need "com.oracle.security.ucrypto.debug" for debugging
-        permission java.util.PropertyPermission "*", "read";
-        permission java.security.SecurityPermission "putProviderProperty.OracleUcrypto";
-        permission java.security.SecurityPermission "clearProviderProperties.OracleUcrypto";
-        permission java.security.SecurityPermission "removeProviderProperty.OracleUcrypto";
-        // Needed for reading Ucrypto config file
-        permission java.io.FilePermission "<<ALL FILES>>", "read";
-};
-
-grant codeBase "jrt:/java.sql" {
-        permission java.security.AllPermission;
-};
-
-grant codeBase "jrt:/java.sql.rowset" {
-        permission java.security.AllPermission;
-};
-
-grant codeBase "jrt:/jdk.crypto.ec" {
-        permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
-        permission java.lang.RuntimePermission "loadLibrary.sunec";
-        permission java.util.PropertyPermission "*", "read";
-        permission java.security.SecurityPermission "putProviderProperty.SunEC";
-        permission java.security.SecurityPermission "clearProviderProperties.SunEC";
-        permission java.security.SecurityPermission "removeProviderProperty.SunEC";
-};
-
-grant codeBase "jrt:/jdk.crypto.pkcs11" {
-        permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
-        permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
-        permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
-        permission java.lang.RuntimePermission "loadLibrary.j2pkcs11";
-        // needs "security.pkcs11.allowSingleThreadedModules"
-        permission java.util.PropertyPermission "*", "read";
-        permission java.security.SecurityPermission "putProviderProperty.*";
-        permission java.security.SecurityPermission "clearProviderProperties.*";
-        permission java.security.SecurityPermission "removeProviderProperty.*";
-        permission java.security.SecurityPermission "getProperty.auth.login.defaultCallbackHandler";
-        permission java.security.SecurityPermission "authProvider.*";
-        // Needed for reading PKCS11 config file and NSS library check
-        permission java.io.FilePermission "<<ALL FILES>>", "read";
-};
-
-grant codeBase "jrt:/jdk.dynalink" {
-        permission java.security.AllPermission;
-};
-
-grant codeBase "jrt:/jdk.internal.le" {
-        permission java.security.AllPermission;
-};
-
-grant codeBase "jrt:/jdk.jsobject" {
-        permission java.security.AllPermission;
-};
-
-grant codeBase "jrt:/jdk.localedata" {
-        permission java.lang.RuntimePermission "accessClassInPackage.sun.text.*";
-        permission java.lang.RuntimePermission "accessClassInPackage.sun.util.*";
-        permission java.util.PropertyPermission "*", "read";
-};
-
-grant codeBase "jrt:/jdk.naming.dns" {
-        permission java.security.AllPermission;
-};
-
-grant codeBase "jrt:/java.scripting" {
-        permission java.security.AllPermission;
-};
-
-grant codeBase "jrt:/jdk.scripting.nashorn" {
-        permission java.security.AllPermission;
-};
-
-grant codeBase "jrt:/jdk.scripting.nashorn.shell" {
-        permission java.security.AllPermission;
-};
-
-grant codeBase "jrt:/java.smartcardio" {
-        permission javax.smartcardio.CardPermission "*", "*";
-        permission java.lang.RuntimePermission "loadLibrary.j2pcsc";
-        permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
-        permission java.util.PropertyPermission "*", "read";
-        // needed for looking up native PC/SC library
-        permission java.io.FilePermission "<<ALL FILES>>","read";
-        permission java.security.SecurityPermission "putProviderProperty.SunPCSC";
-        permission java.security.SecurityPermission "clearProviderProperties.SunPCSC";
-        permission java.security.SecurityPermission "removeProviderProperty.SunPCSC";
-};
-
-grant codeBase "jrt:/java.xml.bind" {
-        permission java.lang.RuntimePermission "accessClassInPackage.com.sun.xml.internal.*";
-        permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal";
-        permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal.*";
-        permission java.lang.RuntimePermission "accessDeclaredMembers";
-        permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
-        permission java.util.PropertyPermission "*", "read";
-};
-
-grant codeBase "jrt:/java.xml.crypto" {
-        permission java.util.PropertyPermission "*", "read";
-        permission java.security.SecurityPermission "putProviderProperty.XMLDSig";
-        permission java.security.SecurityPermission "clearProviderProperties.XMLDSig";
-        permission java.security.SecurityPermission "removeProviderProperty.XMLDSig";
-        permission java.security.SecurityPermission "com.sun.org.apache.xml.internal.security.register";
-};
-
-grant codeBase "jrt:/java.xml.ws" {
-        permission java.lang.RuntimePermission "accessClassInPackage.com.sun.xml.internal.*";
-        permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal";
-        permission java.lang.RuntimePermission "accessClassInPackage.com.sun.istack.internal.*";
-        permission java.lang.RuntimePermission "accessClassInPackage.com.sun.org.apache.xerces.internal.*";
-        permission java.lang.RuntimePermission "accessDeclaredMembers";
-        permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
-        permission java.util.PropertyPermission "*", "read";
-};
-
-grant codeBase "jrt:/jdk.zipfs" {
-        permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
-        permission java.lang.RuntimePermission "fileSystemProvider";
-        permission java.util.PropertyPermission "*", "read";
-};
-
 // default permissions granted to all domains
 
 grant {
-        // allows anyone to listen on dynamic ports
-        permission java.net.SocketPermission "localhost:0", "listen";
+    // allows anyone to listen on dynamic ports
+    permission java.net.SocketPermission "localhost:0", "listen";
 
-        // "standard" properies that can be read by anyone
-
-        permission java.util.PropertyPermission "java.version", "read";
-        permission java.util.PropertyPermission "java.vendor", "read";
-        permission java.util.PropertyPermission "java.vendor.url", "read";
-        permission java.util.PropertyPermission "java.class.version", "read";
-        permission java.util.PropertyPermission "os.name", "read";
-        permission java.util.PropertyPermission "os.version", "read";
-        permission java.util.PropertyPermission "os.arch", "read";
-        permission java.util.PropertyPermission "file.separator", "read";
-        permission java.util.PropertyPermission "path.separator", "read";
-        permission java.util.PropertyPermission "line.separator", "read";
-
-        permission java.util.PropertyPermission "java.specification.version", "read";
-        permission java.util.PropertyPermission "java.specification.vendor", "read";
-        permission java.util.PropertyPermission "java.specification.name", "read";
-
-        permission java.util.PropertyPermission "java.vm.specification.version", "read";
-        permission java.util.PropertyPermission "java.vm.specification.vendor", "read";
-        permission java.util.PropertyPermission "java.vm.specification.name", "read";
-        permission java.util.PropertyPermission "java.vm.version", "read";
-        permission java.util.PropertyPermission "java.vm.vendor", "read";
-        permission java.util.PropertyPermission "java.vm.name", "read";
+    // "standard" properies that can be read by anyone
+    permission java.util.PropertyPermission "java.version", "read";
+    permission java.util.PropertyPermission "java.vendor", "read";
+    permission java.util.PropertyPermission "java.vendor.url", "read";
+    permission java.util.PropertyPermission "java.class.version", "read";
+    permission java.util.PropertyPermission "os.name", "read";
+    permission java.util.PropertyPermission "os.version", "read";
+    permission java.util.PropertyPermission "os.arch", "read";
+    permission java.util.PropertyPermission "file.separator", "read";
+    permission java.util.PropertyPermission "path.separator", "read";
+    permission java.util.PropertyPermission "line.separator", "read";
+    permission java.util.PropertyPermission
+                   "java.specification.version", "read";
+    permission java.util.PropertyPermission "java.specification.vendor", "read";
+    permission java.util.PropertyPermission "java.specification.name", "read";
+    permission java.util.PropertyPermission
+                   "java.vm.specification.version", "read";
+    permission java.util.PropertyPermission
+                   "java.vm.specification.vendor", "read";
+    permission java.util.PropertyPermission
+                   "java.vm.specification.name", "read";
+    permission java.util.PropertyPermission "java.vm.version", "read";
+    permission java.util.PropertyPermission "java.vm.vendor", "read";
+    permission java.util.PropertyPermission "java.vm.name", "read";
 };
-
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/java.base/share/lib/security/default.policy	Fri Jul 29 19:00:54 2016 -0400
@@ -0,0 +1,160 @@
+//
+// Permissions required by modules stored in a run-time image and loaded
+// by the platform class loader.
+//
+// NOTE that this file is not intended to be modified. If additional
+// permissions need to be granted to the modules in this file, it is
+// recommended that they be configured in a separate policy file or
+// ${java.home}/conf/security/java.policy.
+//
+
+grant codeBase "jrt:/java.activation" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/java.compiler" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/java.corba" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/java.scripting" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/java.smartcardio" {
+    permission javax.smartcardio.CardPermission "*", "*";
+    permission java.lang.RuntimePermission "loadLibrary.j2pcsc";
+    permission java.lang.RuntimePermission
+                   "accessClassInPackage.sun.security.*";
+    permission java.util.PropertyPermission "*", "read";
+    // needed for looking up native PC/SC library
+    permission java.io.FilePermission "<<ALL FILES>>","read";
+    permission java.security.SecurityPermission "putProviderProperty.SunPCSC";
+    permission java.security.SecurityPermission
+                   "clearProviderProperties.SunPCSC";
+    permission java.security.SecurityPermission
+                   "removeProviderProperty.SunPCSC";
+};
+
+grant codeBase "jrt:/java.sql" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/java.sql.rowset" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/java.xml.bind" {
+    permission java.lang.RuntimePermission
+                   "accessClassInPackage.com.sun.xml.internal.*";
+    permission java.lang.RuntimePermission
+                   "accessClassInPackage.com.sun.istack.internal";
+    permission java.lang.RuntimePermission
+                   "accessClassInPackage.com.sun.istack.internal.*";
+    permission java.lang.RuntimePermission "accessDeclaredMembers";
+    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
+    permission java.util.PropertyPermission "*", "read";
+};
+
+grant codeBase "jrt:/java.xml.crypto" {
+    permission java.util.PropertyPermission "*", "read";
+    permission java.security.SecurityPermission "putProviderProperty.XMLDSig";
+    permission java.security.SecurityPermission
+                   "clearProviderProperties.XMLDSig";
+    permission java.security.SecurityPermission
+                   "removeProviderProperty.XMLDSig";
+    permission java.security.SecurityPermission
+                   "com.sun.org.apache.xml.internal.security.register";
+};
+
+grant codeBase "jrt:/java.xml.ws" {
+    permission java.lang.RuntimePermission
+                   "accessClassInPackage.com.sun.xml.internal.*";
+    permission java.lang.RuntimePermission
+                   "accessClassInPackage.com.sun.istack.internal";
+    permission java.lang.RuntimePermission
+                   "accessClassInPackage.com.sun.istack.internal.*";
+    permission java.lang.RuntimePermission
+                   "accessClassInPackage.com.sun.org.apache.xerces.internal.*";
+    permission java.lang.RuntimePermission "accessDeclaredMembers";
+    permission java.lang.reflect.ReflectPermission "suppressAccessChecks";
+    permission java.util.PropertyPermission "*", "read";
+};
+
+grant codeBase "jrt:/jdk.charsets" {
+    permission java.io.FilePermission "${java.home}/-", "read";
+    permission java.util.PropertyPermission "os.name", "read";
+    permission java.util.PropertyPermission "sun.nio.cs.map", "read";
+    permission java.lang.RuntimePermission "charsetProvider";
+    permission java.lang.RuntimePermission
+                   "accessClassInPackage.jdk.internal.misc";
+    permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.cs";
+};
+
+grant codeBase "jrt:/jdk.crypto.ec" {
+    permission java.lang.RuntimePermission
+                   "accessClassInPackage.sun.security.*";
+    permission java.lang.RuntimePermission "loadLibrary.sunec";
+    permission java.util.PropertyPermission "*", "read";
+    permission java.security.SecurityPermission "putProviderProperty.SunEC";
+    permission java.security.SecurityPermission "clearProviderProperties.SunEC";
+    permission java.security.SecurityPermission "removeProviderProperty.SunEC";
+};
+
+grant codeBase "jrt:/jdk.crypto.pkcs11" {
+    permission java.lang.RuntimePermission
+                   "accessClassInPackage.sun.security.*";
+    permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
+    permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
+    permission java.lang.RuntimePermission "loadLibrary.j2pkcs11";
+    // needs "security.pkcs11.allowSingleThreadedModules"
+    permission java.util.PropertyPermission "*", "read";
+    permission java.security.SecurityPermission "putProviderProperty.*";
+    permission java.security.SecurityPermission "clearProviderProperties.*";
+    permission java.security.SecurityPermission "removeProviderProperty.*";
+    permission java.security.SecurityPermission
+                   "getProperty.auth.login.defaultCallbackHandler";
+    permission java.security.SecurityPermission "authProvider.*";
+    // Needed for reading PKCS11 config file and NSS library check
+    permission java.io.FilePermission "<<ALL FILES>>", "read";
+};
+
+grant codeBase "jrt:/jdk.dynalink" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/jdk.internal.le" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/jdk.jsobject" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/jdk.localedata" {
+    permission java.lang.RuntimePermission "accessClassInPackage.sun.text.*";
+    permission java.lang.RuntimePermission "accessClassInPackage.sun.util.*";
+    permission java.util.PropertyPermission "*", "read";
+};
+
+grant codeBase "jrt:/jdk.naming.dns" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/jdk.scripting.nashorn" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/jdk.scripting.nashorn.shell" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/jdk.zipfs" {
+    permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
+    permission java.lang.RuntimePermission "fileSystemProvider";
+    permission java.util.PropertyPermission "*", "read";
+};
+
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/java.base/solaris/lib/security/default.policy	Fri Jul 29 19:00:54 2016 -0400
@@ -0,0 +1,16 @@
+grant codeBase "jrt:/jdk.crypto.ucrypto" {
+    permission java.lang.RuntimePermission
+                   "accessClassInPackage.sun.security.*";
+    permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
+    permission java.lang.RuntimePermission "loadLibrary.j2ucrypto";
+    // need "com.oracle.security.ucrypto.debug" for debugging
+    permission java.util.PropertyPermission "*", "read";
+    permission java.security.SecurityPermission
+                   "putProviderProperty.OracleUcrypto";
+    permission java.security.SecurityPermission
+                   "clearProviderProperties.OracleUcrypto";
+    permission java.security.SecurityPermission
+                   "removeProviderProperty.OracleUcrypto";
+    permission java.io.FilePermission
+                   "${java.home}/conf/security/ucrypto-solaris.cfg", "read";
+};
--- a/src/java.base/windows/conf/security/java.policy	Fri Jul 29 09:34:20 2016 -0700
+++ /dev/null	Thu Jan 01 00:00:00 1970 +0000
@@ -1,12 +0,0 @@
-grant codeBase "jrt:/jdk.crypto.mscapi" {
-        permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
-        permission java.lang.RuntimePermission "loadLibrary.sunmscapi";
-        permission java.util.PropertyPermission "*", "read";
-        permission java.security.SecurityPermission "putProviderProperty.SunMSCAPI";
-        permission java.security.SecurityPermission "clearProviderProperties.SunMSCAPI";
-        permission java.security.SecurityPermission "removeProviderProperty.SunMSCAPI";
-};
-
-grant codeBase "jrt:/jdk.accessibility" {
-        permission java.security.AllPermission;
-};
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/src/java.base/windows/lib/security/default.policy	Fri Jul 29 19:00:54 2016 -0400
@@ -0,0 +1,15 @@
+grant codeBase "jrt:/jdk.accessibility" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/jdk.crypto.mscapi" {
+    permission java.lang.RuntimePermission
+                   "accessClassInPackage.sun.security.*";
+    permission java.lang.RuntimePermission "loadLibrary.sunmscapi";
+    permission java.security.SecurityPermission "putProviderProperty.SunMSCAPI";
+    permission java.security.SecurityPermission
+                   "clearProviderProperties.SunMSCAPI";
+    permission java.security.SecurityPermission
+                   "removeProviderProperty.SunMSCAPI";
+    permission java.util.PropertyPermission "*", "read";
+};
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/provider/PolicyFile/DefaultPolicy.java	Fri Jul 29 19:00:54 2016 -0400
@@ -0,0 +1,78 @@
+/*
+ * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @bug 8159752
+ * @summary Test that default policy permissions are always granted
+ * @run main/othervm DefaultPolicy
+ */
+
+import java.net.URI;
+import java.net.URL;
+import java.nio.file.Paths;
+import java.security.AllPermission;
+import java.security.CodeSigner;
+import java.security.CodeSource;
+import java.security.Policy;
+import java.security.ProtectionDomain;
+import java.security.URIParameter;
+
+public class DefaultPolicy {
+
+    public static void main(String[] args) throws Exception {
+
+        // Check policy with no java.security.policy property set
+        Policy p = Policy.getPolicy();
+        checkPolicy(p);
+
+        // Check policy with java.security.policy '=' option
+        System.setProperty("java.security.policy", "Extra.policy");
+        p.refresh();
+        checkPolicy(p);
+
+        // Check policy with java.security.policy override '==' option
+        System.setProperty("java.security.policy", "=Extra.policy");
+        p.refresh();
+        checkPolicy(p);
+
+        // Check Policy.getInstance
+        URI policyURI = Paths.get(System.getProperty("test.src"),
+                                  "Extra.policy").toUri();
+        p = Policy.getInstance("JavaPolicy", new URIParameter(policyURI));
+        checkPolicy(p);
+    }
+
+    private static void checkPolicy(Policy p) throws Exception {
+        // check if jdk.crypto.ec module has been de-privileged
+        CodeSource cs =
+            new CodeSource(new URL("jrt:/jdk.crypto.ec"), (CodeSigner[])null);
+        ProtectionDomain pd = new ProtectionDomain(cs, null, null, null);
+        if (p.implies(pd, new AllPermission())) {
+            throw new Exception("module should not be granted AllPermission");
+        }
+        if (!p.implies(pd, new RuntimePermission("loadLibrary.sunec"))) {
+            throw new Exception("module should be granted RuntimePermission");
+        }
+    }
+}
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/test/sun/security/provider/PolicyFile/Extra.policy	Fri Jul 29 19:00:54 2016 -0400
@@ -0,0 +1,3 @@
+grant {
+    permission java.net.SocketPermission "localhost:0", "listen";
+};