RFR: 8195744: Avoid calling ClassLoader.checkPackageAccess if security manager is not installed [v3]

David Holmes dholmes at openjdk.java.net
Fri Feb 5 03:05:44 UTC 2021


On Fri, 5 Feb 2021 02:37:54 GMT, Coleen Phillimore <coleenp at openjdk.org> wrote:

>> This change does not call up to Java for checkPackageAccess if the security manager is NULL, but still saves the protection domain in the pd_set for that dictionary entry.  If the option -Djava.security.manager=disallow is set, that means that there will never be a security manager and the JVM code can avoid saving the protection domains completely. 
>> See the two functions java_lang_System::has_security_manager() and java_lang_System::allow_security_manager() for details.
>> Also deleted ProtectionDomainVerification because there's no use for this option.
>> 
>> Tested with tier1 hotspot, jdk and langtools.
>> and tier2-6.
>
> Coleen Phillimore has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Fix comments and copyright.

Some comments remain confusing.

Thanks,
David

src/hotspot/share/classfile/javaClasses.cpp line 4415:

> 4413: 
> 4414: // This field means that a security manager can be installed so we still have to
> 4415: // populate the ProtectionDomainCacheTable.

No this field returns the installed SM if any. It doesn't tell you anything about whether you can install a SM or not (though obviously if non-NULL then you could).

src/java.base/share/classes/java/lang/System.java line 163:

> 161: 
> 162:     // indicates if a security manager is possible
> 163:     // @implNote The HotSpot JVM hardcodes the value of NEVER.

You don't need this if the VM reads the value of NEVER.

-------------

PR: https://git.openjdk.java.net/jdk/pull/2410


More information about the core-libs-dev mailing list