提交

2025-09-11 18:27:56 +08:00
parent a1f5a61252
commit b1bfadb635
186 changed files with 8815 additions and 442 deletions
--- a/resources/java/jdk/lib/security/blocked.certs
+++ b/resources/java/jdk/lib/security/blocked.certs
@ -0,0 +1,39 @@
+Algorithm=SHA-256
+03DB9E5E79FE6117177F81C11595AF598CB176AF766290DBCEB2C318B32E39A2
+08C396C006A21055D00826A5781A5CCFCE2C8D053AB3C197637A4A7A5BB9A650
+14E6D2764A4B06701C6CBC376A253775F79C782FBCB6C0EE6F99DE4BA1024ADD
+1C5E6985ACC09221DBD1A4B7BBC6D3A8C3F8540D19F20763A9537FDD42B4FFE7
+1F6BF8A3F2399AF7FD04516C2719C566CBAD51F412738F66D0457E1E6BDE6F2D
+2A464E4113141352C7962FBD1706ED4B88533EF24D7BBA6CCC5D797FD202F1C4
+31C8FD37DB9B56E708B03D1F01848B068C6DA66F36FB5D82C008C6040FA3E133
+3946901F46B0071E90D78279E82FABABCA177231A704BE72C5B0E8918566EA66
+3E11CF90719F6FB44D94EAC9A156B89BEBE7B8598F28EC58913F2BFCAF91D0C0
+423279423B9FC8CB06F1BB7C3B247522B948D5F18939F378ECC901126DE40BFB
+450F1B421BB05C8609854884559C323319619E8B06B001EA2DCBB74A23AA3BE2
+4CBBF8256BC9888A8007B2F386940A2E394378B0D903CBB3863C5A6394B889CE
+4FEE0163686ECBD65DB968E7494F55D84B25486D438E9DE558D629D28CD4D176
+535D04DFCE027C70BD5F8A9E0AD4F218E9AFDCF5BBCF9B6DE0D81E148E2E3172
+568FAF38D9F155F624838E2181B1CEB4D8459305EE652B0F810C97C3611BFE19
+585CFE6B7436CBD4E732763A2137D7F49599BA9B1790E688FCEC799C58EB84A6
+5E83124D68D24E8E177E306DF643D5EA99C5A94D6FC34B072F7544A1CABB7C7B
+71CB00749B9130FB2707A2664BFF958D0FCC8E161D9674C7450BA0FC2BEAF9D3
+76A45A496031E4DD2D7ED23E8F6FF97DBDEA980BAAC8B0BA94D7EDB551348645
+8A1BD21661C60015065212CC98B1ABB50DFD14C872A208E66BAE890F25C448AF
+9ED8F9B0E8E42A1656B8E1DD18F42BA42DC06FE52686173BA2FC70E756F207DC
+9FADCE80D62A959F9930D748488C1E22E821F4E1E4A43584B848C2FC11E04D77
+A686FEE577C88AB664D0787ECDFFF035F4806F3DE418DC9E4D516324FFF02083
+A90132CEA1D4F7185E4F688EFFD16F6AC14DFD78356A807599A5DABBEEF3333E
+B8686723E415534BC0DBD16326F9486F85B0B0799BF6639334E61DAAE67F36CD
+C0D1F42B9F4BF7ACC045B7BB5D4805E10737F67B6310CE505248D543D0D5FE07
+D0156949F1381943442C6974E9B5B49EF441BB799EF20477B90A89C3F33620CE
+D151962D954970501C60079258EBCFA38502E0A9F03CD640322B08C0A3117FE5
+D24566BF315F4E597D6E381C87119FB4198F5E9E2607F5F4AB362EF7E2E7672F
+D3A936E1A7775A45217C8296A1F22AC5631DCDEC45594099E78EEEBBEDCBA967
+D6CEAE5D9E047FAF7D797858D229AC991AD44316D1E2A37A21926D763153593A
+DF21016B00FC54F9FE3BC8B039911BB216E9162FAD2FD14D990AB96E951B49BE
+E0E740E4B0F8B3548181FF75B5372FAF4C70B99EC995D694ED0FB91B03FF8D21
+EC30C9C3065A06BB07DC5B1C6B497F370C1CA65C0F30C08E042BA6BCECC78F2C
+F5B6F88F75D391A4B1EB336F9E201239FB6B1377DB8CFA7B84736216E5AFFFD7
+FBB12938ABD86C125796EDF4162D291028890A7D6C0C1CCA75FD4B95EBFA7A1A
+FC02FD48DB92D4DCE6F11679D38354CF750CFC7F584A520EB90BDE80E241F2BD
+FDEDB5BDFCB67411513A61AEE5CB5B5D7C52AF06028EFC996CC1B05B1D6CEA2B
--- a/resources/java/jdk/lib/security/cacerts
+++ b/resources/java/jdk/lib/security/cacerts
--- a/resources/java/jdk/lib/security/default.policy
+++ b/resources/java/jdk/lib/security/default.policy
@ -0,0 +1,242 @@
+//
+// Permissions required by modules stored in a run-time image and loaded
+// by the platform class loader.
+//
+// NOTE that this file is not intended to be modified. If additional
+// permissions need to be granted to the modules in this file, it is
+// recommended that they be configured in a separate policy file or
+// ${java.home}/conf/security/java.policy.
+//
+
+
+grant codeBase "jrt:/java.compiler" {
+    permission java.security.AllPermission;
+};
+
+
+grant codeBase "jrt:/java.net.http" {
+    permission java.lang.RuntimePermission "accessClassInPackage.sun.net";
+    permission java.lang.RuntimePermission "accessClassInPackage.sun.net.util";
+    permission java.lang.RuntimePermission "accessClassInPackage.sun.net.www";
+    permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc";
+    permission java.lang.RuntimePermission "modifyThread";
+    permission java.net.SocketPermission "*","connect,resolve";
+    permission java.net.URLPermission "http:*","*:*";
+    permission java.net.URLPermission "https:*","*:*";
+    permission java.net.URLPermission "ws:*","*:*";
+    permission java.net.URLPermission "wss:*","*:*";
+    permission java.net.URLPermission "socket:*","CONNECT";  // proxy
+    // For request/response body processors, fromFile, asFile
+    permission java.io.FilePermission "<<ALL FILES>>","read,write,delete";
+    permission java.util.PropertyPermission "*","read";
+    permission java.net.NetPermission "getProxySelector";
+};
+
+grant codeBase "jrt:/java.scripting" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/java.security.jgss" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/java.smartcardio" {
+    permission javax.smartcardio.CardPermission "*", "*";
+    permission java.lang.RuntimePermission "loadLibrary.j2pcsc";
+    permission java.lang.RuntimePermission
+                   "accessClassInPackage.sun.security.jca";
+    permission java.lang.RuntimePermission
+                   "accessClassInPackage.sun.security.util";
+    permission java.util.PropertyPermission
+                   "javax.smartcardio.TerminalFactory.DefaultType", "read";
+    permission java.util.PropertyPermission "os.name", "read";
+    permission java.util.PropertyPermission "os.arch", "read";
+    permission java.util.PropertyPermission "sun.arch.data.model", "read";
+    permission java.util.PropertyPermission
+                   "sun.security.smartcardio.library", "read";
+    permission java.util.PropertyPermission
+                   "sun.security.smartcardio.t0GetResponse", "read";
+    permission java.util.PropertyPermission
+                   "sun.security.smartcardio.t1GetResponse", "read";
+    permission java.util.PropertyPermission
+                   "sun.security.smartcardio.t1StripLe", "read";
+    // needed for looking up native PC/SC library
+    permission java.io.FilePermission "<<ALL FILES>>","read";
+    permission java.security.SecurityPermission "putProviderProperty.SunPCSC";
+    permission java.security.SecurityPermission
+                   "clearProviderProperties.SunPCSC";
+    permission java.security.SecurityPermission
+                   "removeProviderProperty.SunPCSC";
+};
+
+grant codeBase "jrt:/java.sql" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/java.sql.rowset" {
+    permission java.security.AllPermission;
+};
+
+
+grant codeBase "jrt:/java.xml.crypto" {
+    permission java.lang.RuntimePermission
+                   "getStackWalkerWithClassReference";
+    permission java.lang.RuntimePermission
+                   "accessClassInPackage.sun.security.util";
+    permission java.util.PropertyPermission "*", "read";
+    permission java.security.SecurityPermission "putProviderProperty.XMLDSig";
+    permission java.security.SecurityPermission
+                   "clearProviderProperties.XMLDSig";
+    permission java.security.SecurityPermission
+                   "removeProviderProperty.XMLDSig";
+    permission java.security.SecurityPermission
+                   "com.sun.org.apache.xml.internal.security.register";
+    permission java.security.SecurityPermission
+                   "getProperty.jdk.xml.dsig.secureValidationPolicy";
+    permission java.lang.RuntimePermission
+                   "accessClassInPackage.com.sun.org.apache.xml.internal.*";
+    permission java.lang.RuntimePermission
+                   "accessClassInPackage.com.sun.org.apache.xpath.internal";
+    permission java.lang.RuntimePermission
+                   "accessClassInPackage.com.sun.org.apache.xpath.internal.*";
+    permission java.io.FilePermission "<<ALL FILES>>","read";
+    permission java.net.SocketPermission "*", "connect,resolve";
+};
+
+
+grant codeBase "jrt:/jdk.accessibility" {
+    permission java.lang.RuntimePermission "accessClassInPackage.sun.awt";
+};
+
+grant codeBase "jrt:/jdk.charsets" {
+    permission java.util.PropertyPermission "os.name", "read";
+    permission java.lang.RuntimePermission "charsetProvider";
+    permission java.lang.RuntimePermission
+                   "accessClassInPackage.jdk.internal.access";
+    permission java.lang.RuntimePermission
+                   "accessClassInPackage.jdk.internal.misc";
+    permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.cs";
+};
+
+grant codeBase "jrt:/jdk.crypto.ec" {
+    permission java.lang.RuntimePermission
+                   "accessClassInPackage.sun.security.*";
+    permission java.lang.RuntimePermission "loadLibrary.sunec";
+    permission java.security.SecurityPermission "putProviderProperty.SunEC";
+    permission java.security.SecurityPermission "clearProviderProperties.SunEC";
+    permission java.security.SecurityPermission "removeProviderProperty.SunEC";
+};
+
+grant codeBase "jrt:/jdk.crypto.cryptoki" {
+    permission java.lang.RuntimePermission
+                   "accessClassInPackage.com.sun.crypto.provider";
+    permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.misc";
+    permission java.lang.RuntimePermission
+                   "accessClassInPackage.sun.security.*";
+    permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.ch";
+    permission java.lang.RuntimePermission "loadLibrary.j2pkcs11";
+    permission java.util.PropertyPermission "sun.security.pkcs11.allowSingleThreadedModules", "read";
+    permission java.util.PropertyPermission "sun.security.pkcs11.disableKeyExtraction", "read";
+    permission java.util.PropertyPermission "os.name", "read";
+    permission java.util.PropertyPermission "os.arch", "read";
+    permission java.util.PropertyPermission "jdk.crypto.KeyAgreement.legacyKDF", "read";
+    permission java.security.SecurityPermission "putProviderProperty.*";
+    permission java.security.SecurityPermission "clearProviderProperties.*";
+    permission java.security.SecurityPermission "removeProviderProperty.*";
+    permission java.security.SecurityPermission
+                   "getProperty.auth.login.defaultCallbackHandler";
+    permission java.security.SecurityPermission "authProvider.*";
+    // Needed for reading PKCS11 config file and NSS library check
+    permission java.io.FilePermission "<<ALL FILES>>", "read";
+};
+
+grant codeBase "jrt:/jdk.dynalink" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/jdk.httpserver" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/jdk.internal.le" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/jdk.internal.vm.compiler" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/jdk.internal.vm.compiler.management" {
+    permission java.lang.RuntimePermission "accessClassInPackage.jdk.internal.vm.compiler.collections";
+    permission java.lang.RuntimePermission "accessClassInPackage.jdk.vm.ci.runtime";
+    permission java.lang.RuntimePermission "accessClassInPackage.jdk.vm.ci.services";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.core.common";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.debug";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.hotspot";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.options";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.phases.common.jmx";
+    permission java.lang.RuntimePermission "accessClassInPackage.org.graalvm.compiler.serviceprovider";
+};
+
+grant codeBase "jrt:/jdk.jsobject" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/jdk.localedata" {
+    permission java.lang.RuntimePermission "accessClassInPackage.sun.text.*";
+    permission java.lang.RuntimePermission "accessClassInPackage.sun.util.*";
+};
+
+grant codeBase "jrt:/jdk.naming.dns" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/jdk.scripting.nashorn" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/jdk.scripting.nashorn.shell" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/jdk.security.auth" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/jdk.security.jgss" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/jdk.zipfs" {
+    permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
+    permission java.lang.RuntimePermission "fileSystemProvider";
+    permission java.lang.RuntimePermission "accessClassInPackage.sun.nio.fs";
+    permission java.lang.RuntimePermission "accessUserInformation";
+    permission java.util.PropertyPermission "os.name", "read";
+    permission java.util.PropertyPermission "user.dir", "read";
+    permission java.util.PropertyPermission "user.name", "read";
+};
+
+// permissions needed by applications using java.desktop module
+grant {
+    permission java.lang.RuntimePermission "accessClassInPackage.com.sun.beans";
+    permission java.lang.RuntimePermission "accessClassInPackage.com.sun.beans.*";
+    permission java.lang.RuntimePermission "accessClassInPackage.com.sun.java.swing.plaf.*";
+    permission java.lang.RuntimePermission "accessClassInPackage.com.apple.*";
+};
+grant codeBase "jrt:/jdk.accessibility" {
+    permission java.security.AllPermission;
+};
+
+grant codeBase "jrt:/jdk.crypto.mscapi" {
+    permission java.lang.RuntimePermission
+                   "accessClassInPackage.sun.security.*";
+    permission java.lang.RuntimePermission "loadLibrary.sunmscapi";
+    permission java.security.SecurityPermission "putProviderProperty.SunMSCAPI";
+    permission java.security.SecurityPermission
+                   "clearProviderProperties.SunMSCAPI";
+    permission java.security.SecurityPermission
+                   "removeProviderProperty.SunMSCAPI";
+    permission java.security.SecurityPermission "authProvider.SunMSCAPI";
+    permission java.util.PropertyPermission "*", "read";
+};
--- a/resources/java/jdk/lib/security/public_suffix_list.dat
+++ b/resources/java/jdk/lib/security/public_suffix_list.dat