When looking through the code and running regression tests as well as
some of my own sample programs, SunPKCS11 needs permission to access
"sun.security.pkcs11.allowSingleThreadedModules" property.
As for other providers, they seem fine without the PropertyPermission.
But the required permissions depend on the code path at runtime, so it's
hard to tell 100%.
Since default permission set contains a bunch of PropertyPermission, it
seems reasonable to grant a "*" PropertyPermission to crypto providers
by default (in case future enhancements/fixes contains code which needs
them). Besides, other jars under extension directory (e.g. zipfs.jar,
cldrdata.jar) do so too.
Regards,
Valerie
On 7/7/2014 7:25 PM, Wang Weijun wrote:
Hi Valerie
I didn't read your previous webrevs, but why is "permission java.util.PropertyPermission "*",
"read";" needed by every provider? I go to sun/ec, sun/pkcs11, com/sun/crypto and find no
special System.getProperty() calls there.
Thanks
Max
On Jul 8, 2014, at 5:14, Valerie Peng<valerie.p...@oracle.com> wrote:
Updated the webrev to include the updates of test policy files.
Also changed the ProviderConfig class to ignore provider instantiation
failures, so that we don't need to include the entries for crypto providers in
the test policy files when the tests themselves do not use/depend on
functionality from crypto providers.
http://cr.openjdk.java.net/~valeriep/8043406/webrev.02/
Thanks,
Valerie
