Sorry, my bad, I didn't notice '9-na' label.
I suppose that code from ext directory should have all permissions:
artem@artem-laptop:$ cat ~/jdk/jdk1.8.0_92b14/jre/lib/security/java.policy
// Standard extensions get all permissions by default
grant codeBase "file:${{java.ext.dirs}}/*" {
permission java.security.AllPermission;
};
// default permissions granted to all domains
...
I am wondering if it would be better it the test didn't override the
default policy.
Artem
On 08/17/2016 10:12 AM, Seán Coffey wrote:
Hi Artem,
Sorry - should have said that this is for jdk8u-dev. The bug is marked
9-na. The provider loading changes made in this area for 9 mean that
it's not affected.
Regards,
Sean.
On 17/08/16 18:10, Artem Smotrakov wrote:
Hi Sean,
If I remember correctly, there is no ext directory in JDK 9 any more.
I don't see in jtr file that "java.ext.dirs" system property is
passed to the test. If I understand correctly,
"file:${{java.ext.dirs}}/*" becomes "file:/*" which seems to grand
all permissions to all the code. It doesn't look correct for this test.
It looks like the test overrides the default policy, please see in
jtr file
-Djava.security.policy==/export/home/gtee/scripts/Results/workDir/scratch_2/unbound.ssl.policy_new
\\
If I recall correctly, there should be a way to specify a policy file
in @run without overriding the default one. May be it is "@run
main/othervm/java.security.policy=unbound.ssl.policy_new"
Artem
On 08/17/2016 09:53 AM, Seán Coffey wrote:
A recently added test case lacks sufficient permissions to read a
conf file when running with security manager.
bug report : https://bugs.openjdk.java.net/browse/JDK-8162916
proposed patch :
diff --git a/test/sun/security/krb5/auto/unbound.ssl.policy
b/test/sun/security/krb5/auto/unbound.ssl.policy
--- a/test/sun/security/krb5/auto/unbound.ssl.policy
+++ b/test/sun/security/krb5/auto/unbound.ssl.policy
@@ -1,7 +1,13 @@
+// Standard extensions get all permissions by default
+
+grant codeBase "file:${{java.ext.dirs}}/*" {
+ permission java.security.AllPermission;
+};
+
grant {
permission java.util.PropertyPermission "*", "read,write";
permission java.net.SocketPermission "*:*",
"listen,resolve,accept,connect";
- permission java.io.FilePermission "*", "read,write,delete";
+ permission java.io.FilePermission "<<ALL FILES>>",
"read,write,delete";
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.lang.reflect.ReflectPermission
"suppressAccessChecks";
permission java.lang.RuntimePermission "accessClassInPackage.*";