Hi Sean,
If I remember correctly, there is no ext directory in JDK 9 any more.
I don't see in jtr file that "java.ext.dirs" system property is passed
to the test. If I understand correctly, "file:${{java.ext.dirs}}/*"
becomes "file:/*" which seems to grand all permissions to all the code.
It doesn't look correct for this test.
It looks like the test overrides the default policy, please see in jtr file
-Djava.security.policy==/export/home/gtee/scripts/Results/workDir/scratch_2/unbound.ssl.policy_new
\\
If I recall correctly, there should be a way to specify a policy file in
@run without overriding the default one. May be it is "@run
main/othervm/java.security.policy=unbound.ssl.policy_new"
Artem
On 08/17/2016 09:53 AM, Seán Coffey wrote:
A recently added test case lacks sufficient permissions to read a conf
file when running with security manager.
bug report : https://bugs.openjdk.java.net/browse/JDK-8162916
proposed patch :
diff --git a/test/sun/security/krb5/auto/unbound.ssl.policy
b/test/sun/security/krb5/auto/unbound.ssl.policy
--- a/test/sun/security/krb5/auto/unbound.ssl.policy
+++ b/test/sun/security/krb5/auto/unbound.ssl.policy
@@ -1,7 +1,13 @@
+// Standard extensions get all permissions by default
+
+grant codeBase "file:${{java.ext.dirs}}/*" {
+ permission java.security.AllPermission;
+};
+
grant {
permission java.util.PropertyPermission "*", "read,write";
permission java.net.SocketPermission "*:*",
"listen,resolve,accept,connect";
- permission java.io.FilePermission "*", "read,write,delete";
+ permission java.io.FilePermission "<<ALL FILES>>",
"read,write,delete";
permission java.lang.RuntimePermission "accessDeclaredMembers";
permission java.lang.reflect.ReflectPermission
"suppressAccessChecks";
permission java.lang.RuntimePermission "accessClassInPackage.*";
