java-11-openjdk-portable/SOURCES/rh1883849-cryptoki_access_t...

# HG changeset patch
# User Zdenek Zambersky <zzambers@redhat.com>
# Date 1601403587 -7200
#      Tue Sep 29 20:19:47 2020 +0200
# Node ID f77ac813eee61b2e9616b2d71a2c5372d0cbd158
# Parent  d484fdfcc7d5c21812de8a0712236d077b0f2dde
Fixed default policy for jdk.crypto.cryptoki

diff -r d484fdfcc7d5 -r f77ac813eee6 src/java.base/share/lib/security/default.policy
--- openjdk.orig/src/java.base/share/lib/security/default.policy	Wed Sep 02 07:36:15 2020 +0200
+++ openjdk/src/java.base/share/lib/security/default.policy	Tue Sep 29 20:19:47 2020 +0200
@@ -124,6 +124,8 @@
 grant codeBase "jrt:/jdk.crypto.cryptoki" {
     permission java.lang.RuntimePermission
                    "accessClassInPackage.sun.security.*";
+    permission java.lang.RuntimePermission
+                   "accessClassInPackage.com.sun.crypto.provider";
     permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
     permission java.lang.RuntimePermission "loadLibrary.j2pkcs11";
     permission java.util.PropertyPermission "sun.security.pkcs11.allowSingleThreadedModules", "read";
# HG changeset patch
# User Zdenek Zambersky <zzambers@redhat.com>
# Date 1601419086 -7200
#      Wed Sep 30 00:38:06 2020 +0200
# Node ID 02c8b154f728be3dd06239a98519d654e2127186
# Parent  f77ac813eee61b2e9616b2d71a2c5372d0cbd158
P11Util: Create provider in priviledged block

diff -r f77ac813eee6 -r 02c8b154f728 src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java
--- openjdk.orig/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java	Tue Sep 29 20:19:47 2020 +0200
+++ openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java	Wed Sep 30 00:38:06 2020 +0200
@@ -87,14 +87,20 @@
         }
         p = Security.getProvider(providerName);
         if (p == null) {
-            try {
-                @SuppressWarnings("deprecation")
-                Object o = Class.forName(className).newInstance();
-                p = (Provider)o;
-            } catch (Exception e) {
-                throw new ProviderException
-                        ("Could not find provider " + providerName, e);
-            }
+            p = AccessController.doPrivileged(
+                new PrivilegedAction<Provider>() {
+                    public Provider run() {
+                        try {
+                            @SuppressWarnings("deprecation")
+                            Object o = Class.forName(className).newInstance();
+                            return (Provider) o;
+                        } catch (Exception e) {
+                            throw new ProviderException
+                                ("Could not find provider " + providerName, e);
+                        }
+                    }
+                }
+            );
         }
         return p;
     }
import java-11-openjdk-11.0.10.0.9-4.el8_3 4 years ago			`# HG changeset patch`
			`# User Zdenek Zambersky <zzambers@redhat.com>`
			`# Date 1601403587 -7200`
			`# Tue Sep 29 20:19:47 2020 +0200`
			`# Node ID f77ac813eee61b2e9616b2d71a2c5372d0cbd158`
			`# Parent d484fdfcc7d5c21812de8a0712236d077b0f2dde`
			`Fixed default policy for jdk.crypto.cryptoki`

			`diff -r d484fdfcc7d5 -r f77ac813eee6 src/java.base/share/lib/security/default.policy`
			`--- openjdk.orig/src/java.base/share/lib/security/default.policy Wed Sep 02 07:36:15 2020 +0200`
			`+++ openjdk/src/java.base/share/lib/security/default.policy Tue Sep 29 20:19:47 2020 +0200`
			`@@ -124,6 +124,8 @@`
			`grant codeBase "jrt:/jdk.crypto.cryptoki" {`
			`permission java.lang.RuntimePermission`
			`"accessClassInPackage.sun.security.*";`
			`+ permission java.lang.RuntimePermission`
			`+ "accessClassInPackage.com.sun.crypto.provider";`
			`permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";`
			`permission java.lang.RuntimePermission "loadLibrary.j2pkcs11";`
			`permission java.util.PropertyPermission "sun.security.pkcs11.allowSingleThreadedModules", "read";`
			`# HG changeset patch`
			`# User Zdenek Zambersky <zzambers@redhat.com>`
			`# Date 1601419086 -7200`
			`# Wed Sep 30 00:38:06 2020 +0200`
			`# Node ID 02c8b154f728be3dd06239a98519d654e2127186`
			`# Parent f77ac813eee61b2e9616b2d71a2c5372d0cbd158`
			`P11Util: Create provider in priviledged block`

			`diff -r f77ac813eee6 -r 02c8b154f728 src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java`
			`--- openjdk.orig/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java Tue Sep 29 20:19:47 2020 +0200`
			`+++ openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java Wed Sep 30 00:38:06 2020 +0200`
			`@@ -87,14 +87,20 @@`
			`}`
			`p = Security.getProvider(providerName);`
			`if (p == null) {`
			`- try {`
			`- @SuppressWarnings("deprecation")`
			`- Object o = Class.forName(className).newInstance();`
			`- p = (Provider)o;`
			`- } catch (Exception e) {`
			`- throw new ProviderException`
			`- ("Could not find provider " + providerName, e);`
			`- }`
			`+ p = AccessController.doPrivileged(`
			`+ new PrivilegedAction<Provider>() {`
			`+ public Provider run() {`
			`+ try {`
			`+ @SuppressWarnings("deprecation")`
			`+ Object o = Class.forName(className).newInstance();`
			`+ return (Provider) o;`
			`+ } catch (Exception e) {`
			`+ throw new ProviderException`
			`+ ("Could not find provider " + providerName, e);`
			`+ }`
			`+ }`
			`+ }`
			`+ );`
			`}`
			`return p;`
			`}`