On 4/23/2014 8:19 AM, Sean Mullan wrote:
On 04/22/2014 06:36 PM, Mandy Chung wrote:
Thanks for bringing up this question. I missed to mention the open
question to follow up how we want to build the system java.policy. There
are platform-specific jar file and also different jar files in Oracle
JDK build. I currently list them all in java.policy in this initial
patch. One solution is to have one version of java.policy for each OS.
However this will suffer from the maintenance burden and also
error-prone as the current java.security file. I'd like to get the
feedback from the security team before attempting to modify the
makefiles.
We had a similar issue with the java.security file where
Oracle-specific packages were being added to the
package.access/definition properties in the OpenJDK java.security
files; thus polluting the source code with packages that were
Oracle-specific.
I fixed this in JDK 8:
https://bugs.openjdk.java.net/browse/JDK-8007292
Basically it involved keeping a list of the non-OpenJDK packages that
were to be restricted in the closed repo, and creating a Java program
that appended these to the properties in the java.security file when
the build included the closed sources.
Thanks Sean. This patch separates the Oracle-specific content from the
OpenJDK java.security files. Is there any plan to handle
java.security-<os> differently (I recalled there is a RFE for it and a
large part of the content is duplicated)? If this is work-in-progress,
I want to make sure to use a similar mechanism for java.policy.
Mandy
