RFR 8154192: Deprivilege java.scripting module
Mandy Chung
mandy.chung at oracle.com
Wed May 18 16:11:54 UTC 2016
> On May 18, 2016, at 12:55 AM, Sundararajan Athijegannathan <sundararajan.athijegannathan at oracle.com> wrote:
>
> Please review the updated webrevs.
>
> * Fixed Modules.gmk for order of modules:
>
> http://cr.openjdk.java.net/~sundar/8154192/top/webrev.01/
>
> * From quick reading of j.u.ServiceLoader: AccessControlContext is
> captured in ServiceLoader constructor & used for iteration
> (RestrictedIterator). So, ScriptEngineManager calling only ServiceLoader
> constructor inside doPrivileged block seems fine. Also, I turned
> ProviderTest javax.script API test to use security manager - this tests
> loads a dummy script engine from a jar file in classpath. This test
> passes with security manager on.
>
> http://cr.openjdk.java.net/~sundar/8154192/jdk/webrev.01/
>
> Yes, we can still revisit AllPermission for java.scripting module in a
> future change.
+1
I saw you updated the test to run with and without SM which is good.
Mandy
More information about the core-libs-dev
mailing list