RFR: 8344289: SM cleanup in jdk.internal.util [v2]

Raffaello Giulietti rgiulietti at openjdk.org
Fri Nov 15 18:16:02 UTC 2024


On Fri, 15 Nov 2024 15:43:08 GMT, Eirik Bjørsnøs <eirbjo at openjdk.org> wrote:

>> Please review this PR to clean up `RandomSupport`, `ClassFileDumper` and `StaticProperty` in the `jdk.internal.util` namespace:
>> 
>> * `RandomSupport` is updated to replace an `AccessController::doPrivileged` call with `Boolean::getBoolean`. (Existing code uses `String::equalsIgnoreCase`, equivalent to `Boolean::getBoolean`)
>> * `ClassFileDumper` constructor is updated to remove a comment referencing `GetPropertyAction`. (I left the `VM::getSavedProperty` call as-is, please advise if this should be replaced with `System::getProperty)
>> * `ClassFileDumper::write` is updated to unwrap a `AccessController::doPrivileged` call
>> * `StaticProperty` is updated to remove `SecurityManager::checkPropertyAccess` references in the documentation
>> 
>> Verification: GHA results pending.
>
> Eirik Bjørsnøs has updated the pull request incrementally with one additional commit since the last revision:
> 
>   Remove redundant suppression

src/java.base/share/classes/jdk/internal/util/random/RandomSupport.java line 728:

> 726:     // The following decides which of two strategies initialSeed() will use.
> 727:     private static boolean secureRandomSeedRequested() {
> 728:         return Boolean.getBoolean("java.util.secureRandomSeed");

Not sure why access to this system property required privileges.

It is documented in [SplittableRandom](https://docs.oracle.com/en/java/javase/23/docs/api/java.base/java/util/SplittableRandom.html#java.util.secureRandomSeed), so I guess it's OK to have unprivileged access.

-------------

PR Review Comment: https://git.openjdk.org/jdk/pull/22141#discussion_r1844278216


More information about the core-libs-dev mailing list