RFR: 8195744: Avoid calling ClassLoader.checkPackageAccess if security manager is not installed [v3]
David Holmes
dholmes at openjdk.java.net
Fri Feb 5 03:05:44 UTC 2021
On Fri, 5 Feb 2021 02:37:54 GMT, Coleen Phillimore <coleenp at openjdk.org> wrote:
>> This change does not call up to Java for checkPackageAccess if the security manager is NULL, but still saves the protection domain in the pd_set for that dictionary entry. If the option -Djava.security.manager=disallow is set, that means that there will never be a security manager and the JVM code can avoid saving the protection domains completely.
>> See the two functions java_lang_System::has_security_manager() and java_lang_System::allow_security_manager() for details.
>> Also deleted ProtectionDomainVerification because there's no use for this option.
>>
>> Tested with tier1 hotspot, jdk and langtools.
>> and tier2-6.
>
> Coleen Phillimore has updated the pull request incrementally with one additional commit since the last revision:
>
> Fix comments and copyright.
Some comments remain confusing.
Thanks,
David
src/hotspot/share/classfile/javaClasses.cpp line 4415:
> 4413:
> 4414: // This field means that a security manager can be installed so we still have to
> 4415: // populate the ProtectionDomainCacheTable.
No this field returns the installed SM if any. It doesn't tell you anything about whether you can install a SM or not (though obviously if non-NULL then you could).
src/java.base/share/classes/java/lang/System.java line 163:
> 161:
> 162: // indicates if a security manager is possible
> 163: // @implNote The HotSpot JVM hardcodes the value of NEVER.
You don't need this if the VM reads the value of NEVER.
-------------
PR: https://git.openjdk.java.net/jdk/pull/2410
More information about the core-libs-dev
mailing list