changeset 17267:f28d7d2c4688

8159528: Deprivilege java.security.jgss, jdk.security.jgss and jdk.security.auth Reviewed-by: mchung, mullan
author weijun
date Sun, 31 Jul 2016 09:37:02 +0800
parents 8730c04eac90
children b57891579b62
files src/java.base/share/lib/security/default.policy test/sun/security/krb5/auto/SSL.java
diffstat 2 files changed, 16 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/src/java.base/share/lib/security/default.policy	Fri Jul 29 19:00:54 2016 -0400
+++ b/src/java.base/share/lib/security/default.policy	Sun Jul 31 09:37:02 2016 +0800
@@ -24,6 +24,10 @@
     permission java.security.AllPermission;
 };
 
+grant codeBase "jrt:/java.security.jgss" {
+    permission java.security.AllPermission;
+};
+
 grant codeBase "jrt:/java.smartcardio" {
     permission javax.smartcardio.CardPermission "*", "*";
     permission java.lang.RuntimePermission "loadLibrary.j2pcsc";
@@ -152,6 +156,14 @@
     permission java.security.AllPermission;
 };
 
+grant codeBase "jrt:/jdk.security.auth" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/jdk.security.jgss" {
+    permission java.security.AllPermission;
+};
+
 grant codeBase "jrt:/jdk.zipfs" {
     permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
     permission java.lang.RuntimePermission "fileSystemProvider";
--- a/test/sun/security/krb5/auto/SSL.java	Fri Jul 29 19:00:54 2016 -0400
+++ b/test/sun/security/krb5/auto/SSL.java	Sun Jul 31 09:37:02 2016 +0800
@@ -92,6 +92,10 @@
 
         boolean unbound = args.length > 1;
 
+        // Workaround for JDK-8161101, reference the class before
+        // SecurityManager is set.
+        System.out.println("Touching " + ServicePermission.class);
+
         System.setSecurityManager(new SSL());
 
         KDC kdc = KDC.create(OneKDC.REALM);