Uploaded image for project: 'JDK'
  1. JDK
  2. JDK-8040059

Change default policy for extensions to no permission

XMLWordPrintable

    • b14

      This RFE proposes to remove granting all permissions for extensions (principle of least privilege). Also in JDK 9, we want to separate the privileges of as many system classes as possible.

      Permissions for each JAR file shipped in the JDK's extension directory will be explicitly granted with all permission initially. This will allow each component team to identify minimum permissions required by each component and update the java.policy file accordingly. New tests will possibly be developed in this privilege separation effort.

      The default policy for extensions is configured in the java.policy and it's granted with all permissions by default as specified in: http://docs.oracle.com/javase/8/docs/technotes/guides/extensions/spec.html. Customers installing libraries on extensions that require all permissions will need to update the java.policy for JDK 9 to explicitly specify that.

            mchung Mandy Chung
            mchung Mandy Chung
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

              Created:
              Updated:
              Resolved: