Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8040059

Change default policy for extensions to no permission

    Details

    • Resolved In Build:
      b14

      Description

      This RFE proposes to remove granting all permissions for extensions (principle of least privilege). Also in JDK 9, we want to separate the privileges of as many system classes as possible.

      Permissions for each JAR file shipped in the JDK's extension directory will be explicitly granted with all permission initially. This will allow each component team to identify minimum permissions required by each component and update the java.policy file accordingly. New tests will possibly be developed in this privilege separation effort.

      The default policy for extensions is configured in the java.policy and it's granted with all permissions by default as specified in: http://docs.oracle.com/javase/8/docs/technotes/guides/extensions/spec.html. Customers installing libraries on extensions that require all permissions will need to update the java.policy for JDK 9 to explicitly specify that.

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                mchung Mandy Chung
                Reporter:
                mchung Mandy Chung
              • Votes:
                0 Vote for this issue
                Watchers:
                4 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: