rpms / java-11-openjdk

Clone
Source Code
GIT

Blame SOURCES/rh1883849-cryptoki_access_to_sunjce_with_security_manager.patch

c7 c7-alt c7-beta c8 c8-beta c8s c9 c9-beta c9-containeronly-stream-flatpak
  1.   2a959bfd5d002e4c29592413714b4f8769fc2959
  2.   SOURCES
  3.   rh1883849-cryptoki_access_to_sunjce_with_security_manager.patch
Blob History Raw
2a959b 
# HG changeset patch
2a959b 
# User Zdenek Zambersky <zzambers@redhat.com>
2a959b 
# Date 1601403587 -7200
2a959b 
#      Tue Sep 29 20:19:47 2020 +0200
2a959b 
# Node ID f77ac813eee61b2e9616b2d71a2c5372d0cbd158
2a959b 
# Parent  d484fdfcc7d5c21812de8a0712236d077b0f2dde
2a959b 
Fixed default policy for jdk.crypto.cryptoki
2a959b
2a959b 
diff -r d484fdfcc7d5 -r f77ac813eee6 src/java.base/share/lib/security/default.policy
2a959b 
--- openjdk.orig/src/java.base/share/lib/security/default.policy	Wed Sep 02 07:36:15 2020 +0200
2a959b 
+++ openjdk/src/java.base/share/lib/security/default.policy	Tue Sep 29 20:19:47 2020 +0200
2a959b 
@@ -124,6 +124,8 @@
2a959b 
 grant codeBase "jrt:/jdk.crypto.cryptoki" {
2a959b 
     permission java.lang.RuntimePermission
2a959b 
                    "accessClassInPackage.sun.security.*";
2a959b 
+    permission java.lang.RuntimePermission
2a959b 
+                   "accessClassInPackage.com.sun.crypto.provider";
2a959b 
     permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
2a959b 
     permission java.lang.RuntimePermission "loadLibrary.j2pkcs11";
2a959b 
     permission java.util.PropertyPermission "sun.security.pkcs11.allowSingleThreadedModules", "read";
2a959b 
# HG changeset patch
2a959b 
# User Zdenek Zambersky <zzambers@redhat.com>
2a959b 
# Date 1601419086 -7200
2a959b 
#      Wed Sep 30 00:38:06 2020 +0200
2a959b 
# Node ID 02c8b154f728be3dd06239a98519d654e2127186
2a959b 
# Parent  f77ac813eee61b2e9616b2d71a2c5372d0cbd158
2a959b 
P11Util: Create provider in priviledged block
2a959b
2a959b 
diff -r f77ac813eee6 -r 02c8b154f728 src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java
2a959b 
--- openjdk.orig/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java	Tue Sep 29 20:19:47 2020 +0200
2a959b 
+++ openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java	Wed Sep 30 00:38:06 2020 +0200
2a959b 
@@ -87,14 +87,20 @@
2a959b 
         }
2a959b 
         p = Security.getProvider(providerName);
2a959b 
         if (p == null) {
2a959b 
-            try {
2a959b 
-                @SuppressWarnings("deprecation")
2a959b 
-                Object o = Class.forName(className).newInstance();
2a959b 
-                p = (Provider)o;
2a959b 
-            } catch (Exception e) {
2a959b 
-                throw new ProviderException
2a959b 
-                        ("Could not find provider " + providerName, e);
2a959b 
-            }
2a959b 
+            p = AccessController.doPrivileged(
2a959b 
+                new PrivilegedAction<Provider>() {
2a959b 
+                    public Provider run() {
2a959b 
+                        try {
2a959b 
+                            @SuppressWarnings("deprecation")
2a959b 
+                            Object o = Class.forName(className).newInstance();
2a959b 
+                            return (Provider) o;
2a959b 
+                        } catch (Exception e) {
2a959b 
+                            throw new ProviderException
2a959b 
+                                ("Could not find provider " + providerName, e);
2a959b 
+                        }
2a959b 
+                    }
2a959b 
+                }
2a959b 
+            );
2a959b 
         }
2a959b 
         return p;
2a959b 
     }

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation