Just a few comments:
1. When you write a test that uses the jtreg /policy option, the policy
file overrides the system policy file. If the test depends on a standard
extension, then you may get SecurityExceptions unless additional perms
are granted. Thus, there are quite a few tests that define their own
policy files and duplicate the grant statement for extensions from the
system policy:
grant codeBase "file:${{java.ext.dirs}}/*" {
permission java.security.AllPermission;
}
These tests should be modified to only grant the necessary permissions.
However, ideally I think that a better solution would be to add a jtreg
/policy option that doesn't override the system policy file, but rather
appends to it, for example, using "==" :
@run main/othervm/policy==test.policy
(this is the reverse behavior of the java.security.policy system
property, so it might be a little confusing, so maybe it is better to
add a new option)
2. test/lib/security/java.policy/Ext_AllPolicy.java
I think you should also add a check for AllPermission.
3. jdk/nio/zipfs/ZipFileSystem.java
If I understand the changes, the previous code would throw
SecurityExceptions when run under a SecurityManager? It's not
specifically related to this bug, is it?
4. lib/security/java.policy
grant codeBase "file:${java.home}/lib/ext/zipfs.jar" {
permission java.io.FilePermission "<<ALL FILES>>",
"read,write,delete";
Hmm, granting that likely means you are just a hop away from getting
AllPermission ... not sure what to advise here, but there are several
cases like this for certain permissions (ex: RuntimePermission
"createClassLoader" is another one).
--Sean
On 04/22/2014 03:39 PM, Mandy Chung wrote:
This change proposes to remove granting all permissions for extensions
as the default and implements the principle of least privilege.In JDK 9,
we want to reduce the privileges of as many system classes as possible.
http://cr.openjdk.java.net/~mchung/jdk9/webrevs/8040059/webrev.00/
This patch has reduced the zipfs, localedata and cldrdata to grant the
permissions they require. It grants AllPermission to other jar files in
the lib/ext directory shipped with JDK and this change is intended to
enable the component teams to identify the minimum permissions and fix
any issue, if any.
Libraries installed in the extensions directory depending on
AllPermission granted by default are impacted. Making this change as
early in JDK 9 allows us to identify any customer impacted by this change.
Mandy
