8168851: Tighten permissions granted to the java.smartcardio module

Reviewed-by: vinnie, mchung
2026-04-14 00:49:42 +00:00 · 2016-10-27 14:50:23 -04:00 · 2016-10-27 14:50:23 -04:00 · dfbba1428e
commit dfbba1428e
parent 955f784be9
6 changed files with 27 additions and 6 deletions
--- a/jdk/src/java.base/share/lib/security/default.policy
+++ b/jdk/src/java.base/share/lib/security/default.policy
@ -32,8 +32,22 @@ grant codeBase "jrt:/java.smartcardio" {
    permission javax.smartcardio.CardPermission "*", "*";
    permission java.lang.RuntimePermission "loadLibrary.j2pcsc";
    permission java.lang.RuntimePermission
-                   "accessClassInPackage.sun.security.*";
-    permission java.util.PropertyPermission "*", "read";
+                   "accessClassInPackage.sun.security.jca";
+    permission java.lang.RuntimePermission
+                   "accessClassInPackage.sun.security.util";
+    permission java.util.PropertyPermission
+                   "javax.smartcardio.TerminalFactory.DefaultType", "read";
+    permission java.util.PropertyPermission "os.name", "read";
+    permission java.util.PropertyPermission "os.arch", "read";
+    permission java.util.PropertyPermission "sun.arch.data.model", "read";
+    permission java.util.PropertyPermission
+                   "sun.security.smartcardio.library", "read";
+    permission java.util.PropertyPermission
+                   "sun.security.smartcardio.t0GetResponse", "read";
+    permission java.util.PropertyPermission
+                   "sun.security.smartcardio.t1GetResponse", "read";
+    permission java.util.PropertyPermission
+                   "sun.security.smartcardio.t1StripLe", "read";
    // needed for looking up native PC/SC library
    permission java.io.FilePermission "<<ALL FILES>>","read";
    permission java.security.SecurityPermission "putProviderProperty.SunPCSC";
--- a/jdk/test/sun/security/smartcardio/TestChannel.java
+++ b/jdk/test/sun/security/smartcardio/TestChannel.java
@ -23,11 +23,12 @@

 /*
 * @test
- * @bug 6239117
+ * @bug 6239117 8168851
 * @summary test logical channels work
 * @author Andreas Sterbenz
 * @modules java.smartcardio/javax.smartcardio
 * @run main/manual TestChannel
+ * @run main/othervm/manual/java.security.policy==test.policy TestChannel
 */

 // This test requires special hardware.
--- a/jdk/test/sun/security/smartcardio/TestControl.java
+++ b/jdk/test/sun/security/smartcardio/TestControl.java
@ -23,11 +23,12 @@

 /*
 * @test
- * @bug 6239117 6470320
+ * @bug 6239117 6470320 8168851
 * @summary test if transmitControlCommand() works
 * @author Andreas Sterbenz
 * @modules java.smartcardio/javax.smartcardio
 * @run main/manual TestControl
+ * @run main/othervm/manual/java.security.policy==test.policy TestControl
 */

 // This test requires special hardware.
--- a/jdk/test/sun/security/smartcardio/TestDefault.java
+++ b/jdk/test/sun/security/smartcardio/TestDefault.java
@ -23,11 +23,12 @@

 /*
 * @test
- * @bug 6327047
+ * @bug 6327047 8168851
 * @summary verify that TerminalFactory.getDefault() works
 * @author Andreas Sterbenz
 * @modules java.smartcardio/javax.smartcardio
 * @run main/manual TestDefault
+ * @run main/othervm/manual/java.security.policy==test.policy TestDefault
 */

 // This test requires special hardware.
--- a/jdk/test/sun/security/smartcardio/TestDirect.java
+++ b/jdk/test/sun/security/smartcardio/TestDirect.java
@ -23,10 +23,11 @@

 /*
 * @test
- * @bug 8046343
+ * @bug 8046343 8168851
 * @summary Make sure that direct protocol is available
 * @modules java.smartcardio/javax.smartcardio
 * @run main/manual TestDirect
+ * @run main/othervm/manual/java.security.policy==test.policy TestDirect
 */

 // This test requires special hardware.
--- a/jdk/test/sun/security/smartcardio/test.policy
+++ b/jdk/test/sun/security/smartcardio/test.policy
@ -0,0 +1,3 @@
+grant codebase "file:${test.classes}/*" {
+    permission javax.smartcardio.CardPermission "*", "connect,getBasicChannel,reset,transmitControl";
+};