RFR: 8338411: Implement JEP 486: Permanently Disable the Security Manager [v3]
Weijun Wang
weijun at openjdk.org
Sat Oct 26 00:01:40 UTC 2024
On Fri, 25 Oct 2024 21:14:25 GMT, Sean Mullan <mullan at openjdk.org> wrote:
>> src/java.base/share/classes/java/security/SecureClassLoader.java line 1:
>>
>>> 1: /*
>>
>> The class spec still mentions "permissions which are retrieved by the system policy by default". Shall we remove it? Also, `getPermissions` always returns an empty `Permissions` object, do we need to add an `@apiNote` for it?
>
>> The class spec still mentions "permissions which are retrieved by the system policy by default". Shall we remove it?
>
> Yes I think we can remove that text.
>
>> Also, getPermissions always returns an empty Permissions object, do we need to add an @apiNote for it?
>
> You mean a warning like we have in the `Permission` subclasses?
>
> `URLClassLoader` and other subclasses still populate these permissions, but the plan is to revisit that code and potentially remove it later. I will remove "granted to" in the `@return` text.
Sorry, I got it wrong. I thought this `return new Permissions()` is something new. In fact, it was there before this change.
On the other hand, I looked at its subclasses and their `getPermissions(CodeSource cs)` could return quite complicated permission collections. I assume it does not really matter since they are all useless now, right?
-------------
PR Review Comment: https://git.openjdk.org/jdk/pull/21498#discussion_r1817457008
More information about the build-dev
mailing list