8165712: Grant permission to read specific properties instead of all to the jdk.crypto.ucrypto module

Reviewed-by: xuelei
This commit is contained in:
Sean Mullan 2016-10-17 15:31:50 +00:00
parent 8c7dc29389
commit f91e4dfbaf
4 changed files with 18 additions and 13 deletions

View File

@ -4,7 +4,10 @@ grant codeBase "jrt:/jdk.crypto.ucrypto" {
permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
permission java.lang.RuntimePermission "loadLibrary.j2ucrypto";
// need "com.oracle.security.ucrypto.debug" for debugging
permission java.util.PropertyPermission "*", "read";
permission java.util.PropertyPermission "com.oracle.security.ucrypto.debug", "read";
permission java.util.PropertyPermission "file.separator", "read";
permission java.util.PropertyPermission "java.home", "read";
permission java.util.PropertyPermission "os.name", "read";
permission java.security.SecurityPermission
"putProviderProperty.OracleUcrypto";
permission java.security.SecurityPermission

View File

@ -50,12 +50,13 @@ public final class UcryptoProvider extends Provider {
try {
// cannot use LoadLibraryAction because that would make the native
// library available to the bootclassloader, but we run in the
// extension classloader.
String osname = System.getProperty("os.name");
if (osname.startsWith("SunOS")) {
provProp = AccessController.doPrivileged
(new PrivilegedAction<HashMap<String, ServiceDesc>>() {
public HashMap<String, ServiceDesc> run() {
// platform classloader.
provProp = AccessController.doPrivileged
(new PrivilegedAction<>() {
@Override
public HashMap<String, ServiceDesc> run() {
String osname = System.getProperty("os.name");
if (osname.startsWith("SunOS")) {
try {
DEBUG = Boolean.parseBoolean(System.getProperty("com.oracle.security.ucrypto.debug"));
String javaHome = System.getProperty("java.home");
@ -66,14 +67,13 @@ public final class UcryptoProvider extends Provider {
return new HashMap<>();
} catch (Error err) {
if (DEBUG) err.printStackTrace();
return null;
} catch (SecurityException se) {
if (DEBUG) se.printStackTrace();
return null;
}
}
});
}
return null;
}
});
if (provProp != null) {
boolean[] result = loadLibraries();
if (result.length == 2) {

View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2014, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -23,9 +23,11 @@
/*
* @test
* @bug 7088989 8014374
* @bug 7088989 8014374 8167512
* @summary Ensure the AES ciphers of OracleUcrypto provider works correctly
* @key randomness
* @run main TestAES
* @run main/othervm/java.security.policy==empty.policy TestAES
*/
import java.io.*;