Hi Artem,
Sorry - should have said that this is for jdk8u-dev. The bug is marked
9-na. The provider loading changes made in this area for 9 mean that
it's not affected.
Regards,
Sean.
On 17/08/16 18:10, Artem Smotrakov wrote:
Hi Sean,
If I remember correctly, there is no ext directory in JDK 9 any more.
I don't see in jtr file that "java.ext.dirs" system property is passed
to the test. If I understand correctly, "file:${{java.ext.dirs}}/*"
becomes "file:/*" which seems to grand all permissions to all the
code. It doesn't look correct for this test.
It looks like the test overrides the default policy, please see in jtr
file
-Djava.security.policy==/export/home/gtee/scripts/Results/workDir/scratch_2/unbound.ssl.policy_new
\\
If I recall correctly, there should be a way to specify a policy file
in @run without overriding the default one. May be it is "@run
main/othervm/java.security.policy=unbound.ssl.policy_new"
Artem
On 08/17/2016 09:53 AM, Seán Coffey wrote:
A recently added test case lacks sufficient permissions to read a
conf file when running with security manager.
bug report : https://bugs.openjdk.java.net/browse/JDK-8162916
proposed patch :
diff --git a/test/sun/security/krb5/auto/unbound.ssl.policy
b/test/sun/security/krb5/auto/unbound.ssl.policy
--- a/test/sun/security/krb5/auto/unbound.ssl.policy
+++ b/test/sun/security/krb5/auto/unbound.ssl.policy
@@ -1,7 +1,13 @@
+// Standard extensions get all permissions by default
+
+grant codeBase "file:${{java.ext.dirs}}/*" {
+ permission java.security.AllPermission;
+};
+
grant {
permission java.util.PropertyPermission "*", "read,write";
permission java.net.SocketPermission "*:*",
"listen,resolve,accept,connect";
- permission java.io.FilePermission "*", "read,write,delete";
+ permission java.io.FilePermission "<<ALL FILES>>",
"read,write,delete";
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.lang.reflect.ReflectPermission
"suppressAccessChecks";
permission java.lang.RuntimePermission "accessClassInPackage.*";
