On Thu, 9 Jun 2022 22:54:20 GMT, Hai-May Chao <hc...@openjdk.org> wrote:
>> src/java.base/share/classes/javax/crypto/CryptoPolicyParser.java line 202: >> >>> 200: if (!processedPermissions.isEmpty()) { >>> 201: throw new ParsingException(st.lineno(), "Inconsistent >>> policy"); >>> 202: } >> >> Instead of setting the `allPermEntryFound` flag, what if you instead put an >> entry for `CryptoAllPermission.ALG_NAME` in `processedPermissions` here. >> Then if there are more entries after this, I think `isConsistent` will catch >> it in the following code: >> >> >> if (processedPermissions.containsKey(CryptoAllPermission.ALG_NAME)) { >> return false; >> } > > Yes, with the `allPermEntryFound` flag, the current fix would not require to > put the `javax.crypto.CryptoAllPermission` entry in `processedPermissions`. > So `processedPermissions` will be used to keep > `javax.crypto.CryptoPermission` entries and is updated by `isConsistent()`, > and no need to deal with `javax.crypto.CryptoAllPermission` entry. I’d like > to keep it as-is if there is no objection. Sure, I think that's reasonable. ------------- PR: https://git.openjdk.org/jdk/pull/8985