-
Bug
-
Resolution: Fixed
-
P3
-
9
-
b29
-
Verified
Some logging tests such as test/jdk/java/util/logging/LogManager/Configuration/updateConfiguration run with security manager enabled and disabled.
The test creates its custom security policy to grant the permissions required by the test. It overrides the default system policy (lib/security/default.policy) that grants permissions to the deprivileged modules.
If any deprivileged module is loaded and executes security sensitive operations, the permission would be denied.
For example, the locale providers are loaded by SimpleUpdateConfigWithInputStreamTest test but the failed permission check is silently swallowed by the LocaleProviderAdapter implementation and hence this test passes. The tests should be fixed to extend the default security policy instead; otherwise, these tests will start failing ifJDK-8189272 changes the behavior to throw the exception if it fails loading the provider due to security reason.
The test creates its custom security policy to grant the permissions required by the test. It overrides the default system policy (lib/security/default.policy) that grants permissions to the deprivileged modules.
If any deprivileged module is loaded and executes security sensitive operations, the permission would be denied.
For example, the locale providers are loaded by SimpleUpdateConfigWithInputStreamTest test but the failed permission check is silently swallowed by the LocaleProviderAdapter implementation and hence this test passes. The tests should be fixed to extend the default security policy instead; otherwise, these tests will start failing if
- relates to
-
-
- Closed
-