RE: JDK 9 Build 111 seems to miss some locale data, Lucene tests fail with Farsi and Thai language

Sat, 26 Mar 2016 16:17:57 -0700 

Hi Alan,

 

I added the following to the jdk-9/conf/security/java.policy as first line 
under localedata:

 

grant codeBase "jrt:/jdk.localedata" {

        permission java.lang.RuntimePermission "getClassLoader";

        permission java.lang.RuntimePermission 
"accessClassInPackage.sun.text.*";

        permission java.lang.RuntimePermission 
"accessClassInPackage.sun.util.*";

        permission java.util.PropertyPermission "*", "read";

};

 

Now all analysis tests pass, also the small test program posted previously:

 

$ java -Djava.security.manager Test

class sun.util.locale.provider.DictionaryBasedBreakIterator

 

FYI: Lucene runs all tests with a security manager to enforce some restrictions 
(so tests can't escape their working dir, no useless permissions are required 
that may conflict,...). Lucene is designed to work with lowest permissions 
(except the memory mapping unmapper).

 

I will patch the Jenkins Server's JDK-9 b111 dirs the same way, so we can run 
tests.

 

I have the following question: Why don’t we see an exception when loading the 
locale data? Shouln’t Java fail in some way and print a stack trace? It is just 
silent!

 

Uwe

 

-----

Uwe Schindler

uschind...@apache.org 

ASF Member, Apache Lucene PMC / Committer

Bremen, Germany

http://lucene.apache.org/

 

 

> -----Original Message-----

> From: Alan Bateman [mailto:alan.bate...@oracle.com]

> Sent: Saturday, March 26, 2016 11:05 PM

> To: Uwe Schindler <uschind...@apache.org>

> Cc: 'Rory O'Donnell' <rory.odonn...@oracle.com>; 'Core-Libs-Dev' <core-libs-

> d...@openjdk.java.net>; 'Robert Muir' <rcm...@gmail.com>;

> d...@lucene.apache.org

> Subject: Re: JDK 9 Build 111 seems to miss some locale data, Lucene tests fail

> with Farsi and Thai language

> 

> 

> On 26/03/2016 19:11, Uwe Schindler wrote:

> > Hi Alan, hi Robert, Hi Lucene developers,

> >

> > I was able to reproduce the bug in isolation. The reason why Robert and

> you did not see it was quite simple:

> > - You need to enable a security manager

> > - You need to list all locales before

> >

> >

> Thanks, that's enough to understand the issue. There is code in

> ResourceBundleProviderSupport trying to do a privileged operation with

> less privileged on the stack.

> 

> As a temporary workaround, could you update the policy file

> (conf/security/java.policy) to grant an addition permission to

> jrt:/jdk.localedata

>    permission java.lang.RuntimePermission "getClassLoader";

> 

> I'll create a bug for the issue now.

> 

> -Alan.

Reply via email to