If I recall correctly, there should be a way to specify a policy file in @run without overriding the default one. May be it is "@run main/othervm/java.security.policy=unbound.ssl.policy_new"
Yes, I think this should work. I've also just learned about it and don't know from which jtreg it is supported. Hopefully the minimized-required version of jtreg for jdk8u already has it.
--Max
