|
 |
2a959b |
# HG changeset patch
|
|
|
2a959b |
# User Zdenek Zambersky <zzambers@redhat.com>
|
|
|
2a959b |
# Date 1601403587 -7200
|
|
|
2a959b |
# Tue Sep 29 20:19:47 2020 +0200
|
|
|
2a959b |
# Node ID f77ac813eee61b2e9616b2d71a2c5372d0cbd158
|
|
|
2a959b |
# Parent d484fdfcc7d5c21812de8a0712236d077b0f2dde
|
|
|
2a959b |
Fixed default policy for jdk.crypto.cryptoki
|
|
|
2a959b |
|
|
|
2a959b |
diff -r d484fdfcc7d5 -r f77ac813eee6 src/java.base/share/lib/security/default.policy
|
|
|
2a959b |
--- openjdk.orig/src/java.base/share/lib/security/default.policy Wed Sep 02 07:36:15 2020 +0200
|
|
|
2a959b |
+++ openjdk/src/java.base/share/lib/security/default.policy Tue Sep 29 20:19:47 2020 +0200
|
|
|
2a959b |
@@ -124,6 +124,8 @@
|
|
|
2a959b |
grant codeBase "jrt:/jdk.crypto.cryptoki" {
|
|
|
2a959b |
permission java.lang.RuntimePermission
|
|
|
2a959b |
"accessClassInPackage.sun.security.*";
|
|
|
2a959b |
+ permission java.lang.RuntimePermission
|
|
|
2a959b |
+ "accessClassInPackage.com.sun.crypto.provider";
|
|
|
2a959b |
permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
|
|
|
2a959b |
permission java.lang.RuntimePermission "loadLibrary.j2pkcs11";
|
|
|
2a959b |
permission java.util.PropertyPermission "sun.security.pkcs11.allowSingleThreadedModules", "read";
|
|
|
2a959b |
# HG changeset patch
|
|
|
2a959b |
# User Zdenek Zambersky <zzambers@redhat.com>
|
|
|
2a959b |
# Date 1601419086 -7200
|
|
|
2a959b |
# Wed Sep 30 00:38:06 2020 +0200
|
|
|
2a959b |
# Node ID 02c8b154f728be3dd06239a98519d654e2127186
|
|
|
2a959b |
# Parent f77ac813eee61b2e9616b2d71a2c5372d0cbd158
|
|
|
2a959b |
P11Util: Create provider in priviledged block
|
|
|
2a959b |
|
|
|
2a959b |
diff -r f77ac813eee6 -r 02c8b154f728 src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java
|
|
|
2a959b |
--- openjdk.orig/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java Tue Sep 29 20:19:47 2020 +0200
|
|
|
2a959b |
+++ openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java Wed Sep 30 00:38:06 2020 +0200
|
|
|
2a959b |
@@ -87,14 +87,20 @@
|
|
|
2a959b |
}
|
|
|
2a959b |
p = Security.getProvider(providerName);
|
|
|
2a959b |
if (p == null) {
|
|
|
2a959b |
- try {
|
|
|
2a959b |
- @SuppressWarnings("deprecation")
|
|
|
2a959b |
- Object o = Class.forName(className).newInstance();
|
|
|
2a959b |
- p = (Provider)o;
|
|
|
2a959b |
- } catch (Exception e) {
|
|
|
2a959b |
- throw new ProviderException
|
|
|
2a959b |
- ("Could not find provider " + providerName, e);
|
|
|
2a959b |
- }
|
|
|
2a959b |
+ p = AccessController.doPrivileged(
|
|
|
2a959b |
+ new PrivilegedAction<Provider>() {
|
|
|
2a959b |
+ public Provider run() {
|
|
|
2a959b |
+ try {
|
|
|
2a959b |
+ @SuppressWarnings("deprecation")
|
|
|
2a959b |
+ Object o = Class.forName(className).newInstance();
|
|
|
2a959b |
+ return (Provider) o;
|
|
|
2a959b |
+ } catch (Exception e) {
|
|
|
2a959b |
+ throw new ProviderException
|
|
|
2a959b |
+ ("Could not find provider " + providerName, e);
|
|
|
2a959b |
+ }
|
|
|
2a959b |
+ }
|
|
|
2a959b |
+ }
|
|
|
2a959b |
+ );
|
|
|
2a959b |
}
|
|
|
2a959b |
return p;
|
|
|
2a959b |
}
|