RFR: 8195744: Avoid calling ClassLoader.checkPackageAccess if security manager is not installed
Mandy Chung
mchung at openjdk.java.net
Thu Feb 4 22:42:39 UTC 2021
On Thu, 4 Feb 2021 19:12:32 GMT, Coleen Phillimore <coleenp at openjdk.org> wrote:
> This change does not call up to Java for checkPackageAccess if the security manager is NULL, but still saves the protection domain in the pd_set for that dictionary entry. If the option -Djava.security.manager=disallow is set, that means that there will never be a security manager and the JVM code can avoid saving the protection domains completely.
> See the two functions java_lang_System::has_security_manager() and java_lang_System::allow_security_manager() for details.
> Also deleted ProtectionDomainVerification because there's no use for this option.
>
> Tested with tier1 hotspot, jdk and langtools.
> and tier2-6.
It's good to see this change benefitting from `-Djava.security.manager=disallow` work. A minor comment: VM now hardcodes the value for `NEVER` (1). It may worth adding a comment in `System::NEVER` of such dependency.
-------------
PR: https://git.openjdk.java.net/jdk/pull/2410
More information about the hotspot-runtime-dev
mailing list