Add all constraint check options

KostasTsiounis · KostasTsiounis · commit ada2b63d5a65 · 2025-01-24T12:17:42.000-05:00
diff --git a/closed/src/java.base/share/classes/openj9/internal/security/RestrictedSecurity.java b/closed/src/java.base/share/classes/openj9/internal/security/RestrictedSecurity.java
@@ -883,13 +883,34 @@ boolean isRestrictedServiceAllowed(Service service, boolean isServiceAdded) {
                         if (debug != null) {
                             debug.println("Attempting to match " + stackElement + " with: " + optionAndValue);
                         }
+                        String stackElemModule = stackElement.getModuleName();
                         String stackElemFullClassName = stackElement.getClassName();
+                        String stackElemPackage = stackElemFullClassName.substring(stackElemFullClassName.lastIndexOf(".") + 1);
+                        String module;
                         switch (option) {
+                            case "ModuleAndFullClassName":
+                                String[] moduleAndFullClassName = value.split("/");
+                                if (moduleAndFullClassName.length != 2) {
+                                    printStackTraceAndExit("Incorrect specification of accepted uses in constraint: " + constraint);
+                                }
+                                module = moduleAndFullClassName[0];
+                                String fullClassName = moduleAndFullClassName[1];
+                                found = stackElemModule.equals(module) && stackElemFullClassName.equals(fullClassName);
+                                break;
+                            case "ModuleAndPackage":
+                                String[] moduleAndPackage = value.split("/");
+                                if (moduleAndPackage.length != 2) {
+                                    printStackTraceAndExit("Incorrect specification of accepted uses in constraint: " + constraint);
+                                }
+                                module = moduleAndPackage[0];
+                                String packageValue = moduleAndPackage[1];
+                                found = stackElemModule.equals(module) && stackElemFullClassName.equals(packageValue);
+                                break;
                             case "FullClassName":
                                 found = stackElemFullClassName.equals(value);
                                 break;
                             case "Package":
-                                String stackElemPackage = stackElemFullClassName.substring(stackElemFullClassName.lastIndexOf(".") + 1);
+                                
                                 found = stackElemPackage.equals(value);
                                 break;
                             default:
diff --git a/src/java.base/share/conf/security/java.security b/src/java.base/share/conf/security/java.security
@@ -283,7 +283,7 @@ RestrictedSecurity.OpenJCEPlusFIPS.FIPS140-3.jce.provider.1 = com.ibm.crypto.plu
     {KeyGenerator, SunTlsMasterSecret, *}, \
     {KeyGenerator, SunTlsPrf, *}, \
     {KeyGenerator, SunTlsRsaPremasterSecret, *}, \
-    {KeyPairGenerator, EC, *, \\S*?StackConstraints\\S*?}, \
+    {KeyPairGenerator, EC, *}, \
     {KeyPairGenerator, RSA, *}, \
     {KeyPairGenerator, RSAPSS, *}, \
     {Mac, HmacSHA224, *}, \
