From c8c8e0945eec0a78d2569946d1246a85b43c085f Mon Sep 17 00:00:00 2001 From: Sean Mullan Date: Tue, 18 Oct 2016 09:18:56 -0400 Subject: [PATCH] 8168078: Remove permission to read all system properties granted to the jdk.crypto.ec module Reviewed-by: vinnie, xuelei --- jdk/src/java.base/share/lib/security/default.policy | 1 - jdk/test/sun/security/ec/TestEC.java | 3 ++- jdk/test/sun/security/ec/TestEC.policy | 3 +++ jdk/test/sun/security/pkcs11/PKCS11Test.java | 3 ++- 4 files changed, 7 insertions(+), 3 deletions(-) create mode 100644 jdk/test/sun/security/ec/TestEC.policy diff --git a/jdk/src/java.base/share/lib/security/default.policy b/jdk/src/java.base/share/lib/security/default.policy index 37b82049dfc..fcdc8ead12a 100644 --- a/jdk/src/java.base/share/lib/security/default.policy +++ b/jdk/src/java.base/share/lib/security/default.policy @@ -103,7 +103,6 @@ grant codeBase "jrt:/jdk.crypto.ec" { permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*"; permission java.lang.RuntimePermission "loadLibrary.sunec"; - permission java.util.PropertyPermission "*", "read"; permission java.security.SecurityPermission "putProviderProperty.SunEC"; permission java.security.SecurityPermission "clearProviderProperties.SunEC"; permission java.security.SecurityPermission "removeProviderProperty.SunEC"; diff --git a/jdk/test/sun/security/ec/TestEC.java b/jdk/test/sun/security/ec/TestEC.java index 4b055706b19..de3783da260 100644 --- a/jdk/test/sun/security/ec/TestEC.java +++ b/jdk/test/sun/security/ec/TestEC.java @@ -28,7 +28,7 @@ /** * @test - * @bug 6840752 + * @bug 6840752 8168078 * @summary Provide out-of-the-box support for ECC algorithms * @library ../pkcs11 * @library ../pkcs11/ec @@ -37,6 +37,7 @@ * @modules jdk.crypto.pkcs11/sun.security.pkcs11.wrapper * @compile -XDignore.symbol.file TestEC.java * @run main/othervm -Djdk.tls.namedGroups="secp256r1,sect193r1" TestEC + * @run main/othervm/java.security.policy=TestEC.policy -Djdk.tls.namedGroups="secp256r1,sect193r1" TestEC */ import java.security.NoSuchProviderException; diff --git a/jdk/test/sun/security/ec/TestEC.policy b/jdk/test/sun/security/ec/TestEC.policy new file mode 100644 index 00000000000..de20d3b7bd1 --- /dev/null +++ b/jdk/test/sun/security/ec/TestEC.policy @@ -0,0 +1,3 @@ +grant codebase "file:${test.classes}/*" { + permission java.security.AllPermission; +}; diff --git a/jdk/test/sun/security/pkcs11/PKCS11Test.java b/jdk/test/sun/security/pkcs11/PKCS11Test.java index 59c284d5efa..1724fd300d9 100644 --- a/jdk/test/sun/security/pkcs11/PKCS11Test.java +++ b/jdk/test/sun/security/pkcs11/PKCS11Test.java @@ -47,6 +47,7 @@ import java.util.Iterator; import java.util.List; import java.util.Map; import java.util.Properties; +import java.util.ServiceConfigurationError; import java.util.ServiceLoader; import java.util.Set; @@ -112,7 +113,7 @@ public abstract class PKCS11Test { found = true; break; } - } catch (Exception e) { + } catch (Exception | ServiceConfigurationError e) { // ignore and move on to the next one } }