RFR: 8168313: Tighten permissions granted to jdk.crypto.pkcs11 module

Mandy Chung mandy.chung at oracle.com
Fri Oct 21 15:44:53 UTC 2016


Looks good to me.

Mandy

> On Oct 20, 2016, at 8:22 AM, Sean Mullan <sean.mullan at oracle.com> wrote:
> 
> Please review this change to tighten or remove unnecessary permissions granted to the jdk.crypto.pkcs11 module:
> 
> http://cr.openjdk.java.net/~mullan/webrevs/8168313/webrev.00/
> https://bugs.openjdk.java.net/browse/JDK-8168313
> 
> In doing so, I refactored the code a little to not use sun.security.action APIs and was able to remove a qualified export from java.base. I also moved the reading of the os.name and os.arch system properties inside a doPrivileged block just in case the caller(s) do not have permission to read them.
> 
> --Sean



More information about the security-dev mailing list