git: openjdk/leyden: hermetic-java-runtime: Co-locate java.policy and default.policy with sun.security.provider.PolicyFile in jimage for hermetic Java support.
duke
duke at openjdk.org
Sat Mar 16 01:18:10 UTC 2024
Changeset: 5b3a050f
Author: Jiangli Zhou <jianglizhou at google.com>
Date: 2024-03-15 18:05:33 +0000
URL: https://git.openjdk.org/leyden/commit/5b3a050f95ad232abbd1ed1dd1e60590aa0c3a7d
Co-locate java.policy and default.policy with sun.security.provider.PolicyFile in jimage for hermetic Java support.
Based on zoom discussions with @AlanBateman and others, policy files are expected to be removed in early JDK 24 or JDK 25. So I tried making minimum changes to support hermetic jimage packaged policy files without adding modifications to file:${java.home}/conf/security/java.policy format or any runtime semantics.
For hermetic java.policy, it uses `PolicyFile.class.getResource("java.policy")` to get the URL. I've checked traced bytecode to confirm that it doesn't go through JrtFileSystem to load the policy file using URL.
! make/Images.gmk
! src/java.base/share/classes/sun/security/provider/PolicyFile.java
More information about the leyden-dev
mailing list