From 3d45f3ef0f8da6cd602f946b606723ec0a5a3a8f Mon Sep 17 00:00:00 2001
From: Harshad RJ <harshad.rj@gmail.com>
Date: Wed, 6 Feb 2019 17:28:11 +0530
Subject: [PATCH] update sec policy to work with jdk 11

Although the core functionality was working fine in Java 11 before this commit,
some shutdown functionality wasn't.

Signed-off-by: Harshad RJ <harshad.rj@gmail.com>
---
 .../lobobrowser/security/LocalSecurityPolicy.java   | 13 ++++++++++---
 1 file changed, 10 insertions(+), 3 deletions(-)

diff --git a/src/Platform_Core/org/lobobrowser/security/LocalSecurityPolicy.java b/src/Platform_Core/org/lobobrowser/security/LocalSecurityPolicy.java
index 16452a9a..276d5b2e 100644
--- a/src/Platform_Core/org/lobobrowser/security/LocalSecurityPolicy.java
+++ b/src/Platform_Core/org/lobobrowser/security/LocalSecurityPolicy.java
@@ -75,6 +75,7 @@ public class LocalSecurityPolicy extends Policy {
   private static final String recursiveSuffix = File.separator + "-";
 
   private static final Collection<Permission> CORE_PERMISSIONS = new LinkedList<>();
+  private static final Collection<Permission> CP_READ_PERMISSIONS = new LinkedList<>();
   private static final Collection<Permission> EXTENSION_PERMISSIONS = new LinkedList<>();
 
   private static String JAVA_HOME_URL;
@@ -165,12 +166,13 @@ This is only required while running in Eclipse (that is when the URL Class Loade
         final String pathElement = strTokenizer.nextToken();
         if (new File(pathElement).isDirectory()) {
           final FilePermission fp = new FilePermission(pathElement + recursiveSuffix, "read");
-          CORE_PERMISSIONS.add(fp);
+          CP_READ_PERMISSIONS.add(fp);
         } else {
           final FilePermission fp = new FilePermission(pathElement, "read");
-          CORE_PERMISSIONS.add(fp);
+          CP_READ_PERMISSIONS.add(fp);
         }
       }
+      CORE_PERMISSIONS.addAll(CP_READ_PERMISSIONS);
 
       // Java 9 early access requires this while loading resources in Swing internal code.
       // TODO: This could be reported upstream. The Swing code should call doPrivileged().
@@ -427,11 +429,13 @@ public PermissionCollection getPermissions(final CodeSource codesource) {
 
       } else if (path.endsWith("okhttp-urlconnection-3.13.1.jar")) {
         permissions.add(new SocketPermission("*", "connect,resolve,listen,accept"));
+        permissions.add(new RuntimePermission("modifyThread"));
       } else if (path.endsWith("okhttp-3.13.1.jar")) {
         permissions.add(new NetPermission("getProxySelector"));
         permissions.add(new PropertyPermission("okhttp.*", "read"));
         permissions.add(new SocketPermission("*", "connect,resolve,listen,accept"));
-      } else if (path.startsWith(JAVA_HOME_URL) || path.startsWith("jrt:/java")) {
+        permissions.add(new RuntimePermission("modifyThread"));
+      } else if (path.startsWith(JAVA_HOME_URL) || path.startsWith("jrt:/java") || path.startsWith("jrt:/jdk")) {
         // This is to allow libraries to be loaded by JDK classes. Required for SSL libraries for example.
         permissions.add(new FilePermission(JAVA_HOME + recursiveSuffix, "read,execute"));
 
@@ -446,6 +450,9 @@ public PermissionCollection getPermissions(final CodeSource codesource) {
         permissions.add(new FilePermission(STORE_DIRECTORY_CANONICAL + recursiveSuffix, "read,write"));
         permissions.add(new RuntimePermission("setContextClassLoader"));
 
+        permissions.add(new PropertyPermission("*", "read"));
+        permissions.add(new RuntimePermission("shutdownHooks"));
+        copyPermissions(CP_READ_PERMISSIONS, permissions);
       } else if (path.startsWith("jrt:/jdk")) {
         permissions.add(new RuntimePermission("accessClassInPackage.sun.*"));
       }