With 7u40 nightly #23, confirmed that rule without any application quantifier will be treated as "Invalid (run everything) rule in Local Security Policy file".

However, location ="*" still works as before. Policy looks like below:
==========

<policy>
  <rule>
     <id location="*" />
     <action permission="run"/>
  </rule>

<!-- block everything else -->
  <rule>
     <id/>
     <action permission="block">
<message>we don't want to run anything else</message>
</action>
  </rule>
</policy>
=============

trace segment
===============
security: Trust for: http://127.0.0.1:8080/LSPJPI/classes/testcertsigned.jar has ended: Thu Jan 01 08:00:00 CST 1970
policy: Non-jnlp policy id:
        title: SimpleApplet
        location: http://127.0.0.1:8080/LSPJPI/html/CertsignedAllpermissionObject.html
        main location: http://127.0.0.1:8080/LSPJPI/classes/testcertsigned.jar
        main version: null
        isArtifact: true
policy: finding LocalSecurityPolicy for
        title: SimpleApplet
        location: http://127.0.0.1:8080/LSPJPI/html/CertsignedAllpermissionObject.html
        main location: http://127.0.0.1:8080/LSPJPI/classes/testcertsigned.jar
        main version: null
        isArtifact: true
policy: Rule title: null matches artifactId: SimpleApplet
policy: Rule location: * matches artifactId: http://127.0.0.1:8080/LSPJPI/html/CertsignedAllpermissionObject.html
policy: Matching Policy ID:
        title: null
        location: *
        isArtifact: false
policy: found matching id, using rule: Policy rule:
    id:
        title: null
        location: *
        isArtifact: false
    action:
        permission: run
        version: null
        message: null
Missing Permissions manifest attribute for: http://127.0.0.1:8080/LSPJPI/classes/testcertsigned.jar
Missing Codebase manifest attribute for: http://127.0.0.1:8080/LSPJPI/classes/testcertsigned.jar
security: Validate the certificate chain using CertPath API
security: The OCSP support is disabled
security: The CRL support is disabled
ui: missing resource: java.util.MissingResourceException: Can't find resource for bundle com.sun.deploy.resources.Deployment, key Revocation check disabled
security: Revocation check disabled
security: Grant socket perm for http://127.0.0.1:8080/LSPJPI/classes/testcertsigned.jar : java.security.Permissions@1cdbaf7 (
 ("java.net.SocketPermission" "127.0.0.1" "connect,accept,resolve")
)

security: Trust for: http://127.0.0.1:8080/LSPJPI/classes/testcertsigned.jar has ended: Thu Jan 01 08:00:00 CST 1970
policy: Non-jnlp policy id:
        title: SimpleApplet
        location: http://127.0.0.1:8080/LSPJPI/html/CertsignedAllpermissionObject.html
        main location: http://127.0.0.1:8080/LSPJPI/classes/testcertsigned.jar
        main version: null
        isArtifact: true
policy: finding LocalSecurityPolicy for
        title: SimpleApplet
        location: http://127.0.0.1:8080/LSPJPI/html/CertsignedAllpermissionObject.html
        main location: http://127.0.0.1:8080/LSPJPI/classes/testcertsigned.jar
        main version: null
        isArtifact: true
policy: Rule title: null matches artifactId: SimpleApplet
policy: Rule location: * matches artifactId: http://127.0.0.1:8080/LSPJPI/html/CertsignedAllpermissionObject.html
policy: Matching Policy ID:
        title: null
        location: *
        isArtifact: false
policy: found matching id, using rule: Policy rule:
    id:
        title: null
        location: *
        isArtifact: false
    action:
        permission: run
        version: null
        message: null
Missing Permissions manifest attribute for: http://127.0.0.1:8080/LSPJPI/classes/testcertsigned.jar
================