RFR: 8159752: Grant de-privileged module permissions by default with java.security.policy override option

Sean Mullan sean.mullan at oracle.com
Fri Jul 15 11:51:49 UTC 2016


Adding build-dev for review since there is one change to a Makefile in 
the webrev below.

Thanks,
Sean

On 07/14/2016 04:05 PM, Sean Mullan wrote:
> Please review this change to the default Policy provider implementation
> to grant de-privileged module permissions by default even when the
> java.security.policy override option is specified or when the
> Policy.getInstance API is used:
>
> http://cr.openjdk.java.net/~mullan/webrevs/8159752/webrev.00/
>
> A new system-wide policy file located in
> ${java.home}/lib/security/default.policy has been created. It contains
> grant statements containing the permissions that need to be granted to
> de-privileged modules. These grant statements were previously located in
> the ${java.home}/conf/security/java.policy file and have been relocated
> to the default.policy file.
>
> The default.policy file is now always loaded by the default Policy
> provider implementation (sun/security/provider/PolicyFile). It is loaded
> if the java.security.policy '=' or '==' option is specified, and also if
> the application uses the Policy.getInstance methods and specifies the
> "JavaPolicy" type. If the default.policy file cannot be loaded, an
> InternalError is thrown, on the basis that the runtime cannot operate
> correctly unless these permissions are granted.
>
> The rationale for making this change is that the runtime should be
> responsible for granting the permissions it needs to operate correctly.
> We should not expect users to have to determine or copy and paste these
> permissions into their own policy files.
>
> Thanks,
> Sean
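
A hygiene check that follows from the change described above, as an added example that is not part of the original message or the JDK source: it scans a user policy file for grant entries copied in for runtime modules, which become redundant once default.policy is always loaded. It assumes such entries are identified by a codeBase URL starting with jrt:/; the function names, the sample policy and its permissions are constructed for illustration.

```python
import re

# Header of a grant entry, up to its opening brace.
GRANT_RE = re.compile(r'\bgrant\b([^{;]*)\{', re.IGNORECASE)
CODEBASE_RE = re.compile(r'codeBase\s+"([^"]*)"', re.IGNORECASE)
# A quoted string, a // comment, or a /* */ comment.
TOKEN_RE = re.compile(r'"[^"\n]*"|//[^\n]*|/\*.*?\*/', re.DOTALL)

# Constructed sample of a user policy file (not the real default.policy).
SAMPLE_POLICY = '''
// passed with -Djava.security.policy==app.policy
grant codeBase "jrt:/jdk.crypto.ec" {
    permission java.lang.RuntimePermission "accessClassInPackage.sun.security.*";
    permission java.security.SecurityPermission "putProviderProperty.SunEC";
};

/* application grant, should not be flagged */
grant codeBase "file:///opt/app/lib/-" {
    permission java.io.FilePermission "/var/log/app/-", "read,write";
};

grant codeBase "jrt:/jdk.zipfs" {
    permission java.io.FilePermission "<<ALL FILES>>", "read,write,delete";
};
'''

def strip_comments(text):
    """Blank out comments while leaving quoted strings (URLs with //) intact."""
    return TOKEN_RE.sub(lambda m: m.group(0) if m.group(0)[0] == '"' else " ", text)

def find_module_grants(policy_text):
    """Return [(module, [permission entries])] for grants with a jrt:/ codeBase."""
    text = strip_comments(policy_text)
    found = []
    for m in GRANT_RE.finditer(text):
        cb = CODEBASE_RE.search(m.group(1))
        if not cb or not cb.group(1).startswith("jrt:/"):
            continue  # application or unconditional grant, leave it alone
        end = text.find("};", m.end())
        body = text[m.end():end if end != -1 else len(text)]
        perms = [p.strip() for p in body.split(";") if p.strip().startswith("permission")]
        found.append((cb.group(1)[len("jrt:/"):], perms))
    return found

if __name__ == "__main__":
    for module, perms in find_module_grants(SAMPLE_POLICY):
        print(f"redundant module grant: {module} ({len(perms)} permission(s))")
```

Entries it reports are candidates for review and removal from the user policy file, since the runtime now supplies its own module grants.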


