java-11-openjdk/SOURCES/rh1883849-cryptoki_access_to_sunjce_with_security_manager.patch

# HG changeset patch
# User Zdenek Zambersky <zzambers@redhat.com>
# Date 1601403587 -7200
#      Tue Sep 29 20:19:47 2020 +0200
# Node ID f77ac813eee61b2e9616b2d71a2c5372d0cbd158
# Parent  d484fdfcc7d5c21812de8a0712236d077b0f2dde
Fixed default policy for jdk.crypto.cryptoki

diff -r d484fdfcc7d5 -r f77ac813eee6 src/java.base/share/lib/security/default.policy
--- openjdk.orig/src/java.base/share/lib/security/default.policy	Wed Sep 02 07:36:15 2020 +0200
+++ openjdk/src/java.base/share/lib/security/default.policy	Tue Sep 29 20:19:47 2020 +0200
@@ -124,6 +124,8 @@
 grant codeBase "jrt:/jdk.crypto.cryptoki" {
     permission java.lang.RuntimePermission
                    "accessClassInPackage.sun.security.*";
+    permission java.lang.RuntimePermission
+                   "accessClassInPackage.com.sun.crypto.provider";
     permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
     permission java.lang.RuntimePermission "loadLibrary.j2pkcs11";
     permission java.util.PropertyPermission "sun.security.pkcs11.allowSingleThreadedModules", "read";
# HG changeset patch
# User Zdenek Zambersky <zzambers@redhat.com>
# Date 1601419086 -7200
#      Wed Sep 30 00:38:06 2020 +0200
# Node ID 02c8b154f728be3dd06239a98519d654e2127186
# Parent  f77ac813eee61b2e9616b2d71a2c5372d0cbd158
P11Util: Create provider in priviledged block

diff -r f77ac813eee6 -r 02c8b154f728 src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java
--- openjdk.orig/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java	Tue Sep 29 20:19:47 2020 +0200
+++ openjdk/src/jdk.crypto.cryptoki/share/classes/sun/security/pkcs11/P11Util.java	Wed Sep 30 00:38:06 2020 +0200
@@ -87,14 +87,20 @@
         }
         p = Security.getProvider(providerName);
         if (p == null) {
-            try {
-                @SuppressWarnings("deprecation")
-                Object o = Class.forName(className).newInstance();
-                p = (Provider)o;
-            } catch (Exception e) {
-                throw new ProviderException
-                        ("Could not find provider " + providerName, e);
-            }
+            p = AccessController.doPrivileged(
+                new PrivilegedAction<Provider>() {
+                    public Provider run() {
+                        try {
+                            @SuppressWarnings("deprecation")
+                            Object o = Class.forName(className).newInstance();
+                            return (Provider) o;
+                        } catch (Exception e) {
+                            throw new ProviderException
+                                ("Could not find provider " + providerName, e);
+                        }
+                    }
+                }
+            );
         }
         return p;
     }