src/share/lib/security/java.policy

8043406: Change default policy for JCE providers to run with as few privileges
as possible

*** 24,42 ****
grant codeBase "file:${java.home}/lib/ext/nashorn.jar" {
permission java.security.AllPermission;
};
grant codeBase "file:${java.home}/lib/ext/sunec.jar" {
! permission java.security.AllPermission;
};
grant codeBase "file:${java.home}/lib/ext/sunjce_provider.jar" {
! permission java.security.AllPermission;
};
grant codeBase "file:${java.home}/lib/ext/sunpkcs11.jar" {
! permission java.security.AllPermission;
};
// default permissions granted to all domains
grant {
--- 24,61 ----
grant codeBase "file:${java.home}/lib/ext/nashorn.jar" {
permission java.security.AllPermission;
};
grant codeBase "file:${java.home}/lib/ext/sunec.jar" {
! permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
! permission java.lang.RuntimePermission "loadLibrary.sunec";
! permission java.util.PropertyPermission "*", "read";
! permission java.security.SecurityPermission "putProviderProperty.SunEC";
! permission java.security.SecurityPermission "clearProviderProperties.SunEC";
! permission java.security.SecurityPermission "removeProviderProperty.SunEC";
};
grant codeBase "file:${java.home}/lib/ext/sunjce_provider.jar" {
! permission java.lang.RuntimePermission "accessClassInPackage.sun.misc";
! permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
! permission java.util.PropertyPermission "*", "read";
! permission java.security.SecurityPermission "putProviderProperty.SunJCE";
! permission java.security.SecurityPermission "clearProviderProperties.SunJCE";
! permission java.security.SecurityPermission "removeProviderProperty.SunJCE";
};
grant codeBase "file:${java.home}/lib/ext/sunpkcs11.jar" {
! permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
! permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
! permission java.lang.RuntimePermission "loadLibrary.j2pkcs11";
! permission java.util.PropertyPermission "*", "read";
! permission java.security.SecurityPermission "putProviderProperty.*";
! permission java.security.SecurityPermission "clearProviderProperties.*";
! permission java.security.SecurityPermission "removeProviderProperty.*";
! permission java.security.SecurityPermission "authProvider.*";
! // Needed for reading PKCS11 config file and NSS library check
! permission java.io.FilePermission "<<ALL FILES>>", "read";
};
// default permissions granted to all domains
grant {
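Review bot: The sunpkcs11.jar grant still carries `permission java.io.FilePermission "<<ALL FILES>>", "read";`, by far the widest permission left in this hunk, and its one-line comment does not say why it cannot be scoped. If the config file and NSS library paths are only known at runtime (this looks like the reason, but the provider code is not shown here), the comment should say so, e.g. `// Paths come from the PKCS11 provider configuration and are not known in advance, so read access cannot be narrowed to a fixed path`. Any privileged file read inside the provider should also be checked to take its path from that configuration rather than from a less-privileged caller. The same grant uses `putProviderProperty.*`, `clearProviderProperties.*`, `removeProviderProperty.*` and `authProvider.*` where the other two providers name themselves (`.SunEC`, `.SunJCE`). A short comment explaining the wildcard (presumably the PKCS11 provider name depends on its configuration) would keep a later reader from treating it as an oversight.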